Univention Bugzilla – Bug 51756
libssh: Multiple issues (4.4)
Last modified: 2020-08-05 15:15:36 CEST
New Debian libssh 0.7.3-2+deb9u3 fixes:
This update addresses the following issue:
* a NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (CVE-2020-16135)
--- mirror/ftp/4.4/unmaintained/4.4-0/source/libssh_0.7.3-2+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/libssh_0.7.3-2+deb9u3.dsc @@ -1,3 +1,12 @@ +0.7.3-2+deb9u3 [Sat, 01 Aug 2020 00:28:18 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2020-16135: + The code in src/sftpserver.c did not verify the validity of certain + pointers and expected them to be valid. A NULL pointer dereference could + have been occured that typically causes a crash and thus a + denial-of-service. + 0.7.3-2+deb9u2 [Mon, 31 Dec 2018 14:47:15 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.4-5/#1710511932243526672>
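Review bot: In the added 0.7.3-2+deb9u3 changelog entry, "could have been occured" is ungrammatical and should read "could have occurred". The same entry says src/sftpserver.c did not verify "certain pointers" without naming them; the bug description above identifies the case as ssh_buffer_new returning NULL, and stating that in the entry would let a reader check the fix against the source. Only the .dsc changelog delta is visible here, so the pointer checks themselves cannot be reviewed from this diff.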
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 79e62590da Bug #51756: libssh 0.7.3-2+deb9u3
 doc/errata/staging/libssh.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x695>