Univention Bugzilla – Bug 56563
libssh2: Multiple issues (5.0)
Last modified: 2023-09-13 16:22:07 CEST
New Debian libssh2 1.8.0-2.1+deb10u1 fixes:

This update addresses the following issues:

1.8.0-2.1+deb10u1 (Thu, 07 Sep 2023 19:27:44 +0200)
  * Non-maintainer upload by the LTS Security Team.
  * Fix CVE-2019-13115: integer overflow that could lead to an out-of-bounds read in the way packets are read from the server.
  * Fix CVE-2019-17498: the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read (closes: #943562).
  * Fix CVE-2020-22218: missing check in _libssh2_packet_add() allows attackers to access out of bounds memory.
--- mirror/ftp/pool/main/libs/libssh2/libssh2_1.8.0-2.1.dsc +++ apt/ucs_5.0-0-errata5.0-4/source/libssh2_1.8.0-2.1+deb10u1.dsc @@ -1,3 +1,15 @@ +1.8.0-2.1+deb10u1 [Thu, 07 Sep 2023 19:27:44 +0200] Guilhem Moulin <guilhem@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix CVE-2019-13115: integer overflow that could lead to an out-of-bounds + read in the way packets are read from the server (closes: #932329). + * Fix CVE-2019-17498: the SSH_MSG_DISCONNECT logic in packet.c has an + integer overflow in a bounds check, enabling an attacker to specify an + arbitrary (out-of-bounds) offset for a subsequent memory read (closes: + #943562). + * Fix CVE-2020-22218: missing check in _libssh2_packet_add() allows + attackers to access out of bounds memory. + 1.8.0-2.1 [Sun, 31 Mar 2019 16:06:20 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload. <http://piuparts.knut.univention.de/5.0-4/#9147760409945948354>
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-4] 6665251e6c Bug #56563: libssh2 1.8.0-2.1+deb10u1
 doc/errata/staging/libssh2.yaml | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
[5.0-4] b2f1164067 Bug #56563: libssh2 1.8.0-2.1+deb10u1
 doc/errata/staging/libssh2.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x802>