Public bug reported:

Hi,

Several CVEs have been published regarding libssh < 0.5.3

CVE-2012-4559: multiple double free() flaws
CVE-2012-4560: multiple buffer overflow flaws
CVE-2012-4561: multiple invalid free() flaws
CVE-2012-4562: multiple improper overflow checks

The proper fix for the 0.5 branch has been published. The 0.4 branch is
also vulnerable but no published patches yet.

** Affects: libssh (Ubuntu)
     Importance: High
         Status: New

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4559

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4560

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4561

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4562

** Changed in: libssh (Ubuntu)
   Importance: Undecided => High

** Description changed:

  Hi,

  Several CVE have been published regarding libssh < 0.5.3

  CVE-2012-4559: multiple double free() flaws
  CVE-2012-4560: multiple buffer overflow flaws
  CVE-2012-4561: multiple invalid free() flaws
  CVE-2012-4562: multiple improper overflow checks
+
+ The proper fix for the 0.5 branch have been published. The 0.4 branch is
+ also vulnerable but no published patches yet.

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1082328

Title:
  Several CVE in version < 0.5.3