StarlingX

[Debian] High CVE: CVE-2020-22218 libssh2

Bug #2071585 reported by Yue Tao on 2024-07-01

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	Peng Zhang

An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.

Base Score: High

Reference:

['libssh2-1-dev_1.9.0-2_amd64.deb===>libssh2-1-dev_1.9.0-2+deb11u1_amd64.deb', 'libssh2-1_1.9.0-2_amd64.deb===>libssh2-1_1.9.0-2+deb11u1_amd64.deb']

Tags:

Peng Zhang (pzhang2) on 2024-07-11

Changed in starlingx:
assignee:	nobody → Peng Zhang (pzhang2)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-07-12: Fix proposed to tools (master)

Changed in starlingx:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-07-12: Fix merged to tools (master)

commit 0eb294cce207b4826ba541837c4689461667e85e
Author: Peng Zhang <email address hidden>
Date: Wed Jul 10 03:30:47 2024 +0000

Debian: libssh2: fix CVE-2020-22218

Upgrade libssh2-1-dev to 1.9.0-2+deb11u1
Upgrade libssh2-1 to 1.9.0-2+deb11u1

    TestPlan:
    PASS: downloader; build-pkgs
    PASS: build-image

    Closes-Bug: 2071585
    Change-Id: Id9810b55180d8cfd9c5481263291f9b8d2bb0b70
    Signed-off-by: Peng Zhang <email address hidden>

Changed in starlingx:
status:	In Progress → Fix Released

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.