Debian 10261 Published by

A libssh2 security update has been released for Debian GNU/Linux 7 Extended LTS



ELA-186-1 libssh2 security update

In libssh2, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

For Debian 7 Wheezy, these problems have been fixed in version 1.4.2-1.1+deb7u8.

We recommend that you upgrade your libssh2 packages.

Further information about Extended LTS security advisories can be found at:  https://deb.freexian.com/extended-lts/