[SECURITY] [DSA 4431-1] libssh2 security update

From: Salvatore Bonaccorso <carnil@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4431-1] libssh2 security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4431-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 13, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libssh2
CVE ID         : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
                 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
                 CVE-2019-3863
Debian Bug     : 924965

Chris Coulson discovered several vulnerabilities in libssh2, a SSH2
client-side library, which could result in denial of service,
information leaks or the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 1.7.0-1+deb9u1.

We recommend that you upgrade your libssh2 packages.

For the detailed security status of libssh2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libssh2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyx3z9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QuJQ/+OXoYuhuUFBmpw6JJQElM98wGGsQnr+DEBcNKBrXNyZTfh2jZgZ2C+Loz
1BHewzhBWWCLPyVduTaW0xnQksfBGkiKoEQosdaFARtwgjfGw+hEOvZifm1CIxbM
8SlIbeXEDUeS+cMrzk92kOZ5CJt7y1v/bRdqshQ+i2jNj1bWUju5w4N15h+WIdSe
C/QPiVcht9pHTdV4HP6J4kONbRNOfCBtafac1dGFqfu1bG4XhgNhrWUUkyAvlMJ7
GLuWxZp6k8XW8svTWwlqzuBaRh6IYDq/lFdl4hbZH5BDfrAa1F91DwV24316/9AJ
qsltmm/9F7MSg8Pg3ENkip2EV8Az/dwpwMXXjo2nvYVQ5eifg3Z8/8rxg20bE/jM
r99Y+5TyQMtNRmUVZ0qmifYNwocniBEK3pgrgpUYeQFF+3d8IpmlA1YY6m+APMvv
Nv6s8P0VPpzzyT9wlVb4SZxETRRfhSSOIXH56elrEcKhI0hJMpPqYy37x6Ffl1UY
XQq59S3veIjyVPk2pKbvz69hLdg/HEVLOb4sxqeNUtowfLfgsDLr7Hvt+ZjKXqR5
xyxQFPV06m0UWIPih55f11TcK3INResR+KnzN+r5E5gmOT2qdL3L76jG6DwmJdm6
qLYAU1EokRLv+l403jrVM4H5N7MPd+Ti+95W6nT0IUNV/DHtbbM=
=scVb
-----END PGP SIGNATURE-----





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.