Public bug reported:

Hi,

Several CVEs have been published regarding libssh < 0.5.3

CVE-2012-4559: multiple double free() flaws
CVE-2012-4560: multiple buffer overflow flaws
CVE-2012-4561: multiple invalid free() flaws
CVE-2012-4562: multiple improper overflow checks

The proper fix for the 0.5 branch has been published. The 0.4 branch is
also vulnerable, but there are no published patches yet.

** Affects: libssh (Ubuntu)
     Importance: High
         Status: New

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4559

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4560

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4561

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4562

** Changed in: libssh (Ubuntu)
   Importance: Undecided => High

** Description changed:

  Hi,
  
  Several CVE have been published regarding libssh < 0.5.3
  
  CVE-2012-4559: multiple double free() flaws
  CVE-2012-4560: multiple buffer overflow flaws
  CVE-2012-4561: multiple invalid free() flaws
  CVE-2012-4562: multiple improper overflow checks
+ 
+ The proper fix for the 0.5 branch have been published. The 0.4 branch is
+ also vulnerable but no published patches yet.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1082328

Title:
  Several CVE in version < 0.5.3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1082328/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
