Debian 10225 Published by

A libssh security update has been released for Debian GNU/Linux 8 Extended LTS to address a denial of service issue.



ELA-254-1 libssh security update

Package libssh
Version 0.6.3-4+deb8u5
Related CVE CVE-2020-16135

The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occured that typically causes a crash and thus a denial-of-service.

For Debian 8 jessie, these problems have been fixed in version 0.6.3-4+deb8u5.

We recommend that you upgrade your libssh packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-254-1 libssh security update