Several CVEs in version < 0.5.3

Bug #1082328 reported by Laurent Bigonville
This bug affects 1 person
Affects            Status         Importance   Assigned to        Milestone
libssh (Ubuntu)    Fix Released   High         Unassigned
Lucid              Fix Released   Medium       Marc Deslauriers
Oneiric            Fix Released   Medium       Marc Deslauriers
Precise            Fix Released   Medium       Marc Deslauriers
Quantal            Fix Released   Medium       Marc Deslauriers
Raring             Fix Released   High         Unassigned

Bug Description

Hi,

Several CVEs have been published regarding libssh < 0.5.3:

CVE-2012-4559: multiple double free() flaws
CVE-2012-4560: multiple buffer overflow flaws
CVE-2012-4561: multiple invalid free() flaws
CVE-2012-4562: multiple improper overflow checks

The proper fix for the 0.5 branch has been published. The 0.4 branch is also vulnerable, but there are no published patches yet.

Changed in libssh (Ubuntu):
importance: Undecided → High
description: updated
Changed in libssh (Ubuntu Raring):
status: New → Fix Released
Changed in libssh (Ubuntu Lucid):
status: New → Confirmed
Changed in libssh (Ubuntu Oneiric):
status: New → Confirmed
Changed in libssh (Ubuntu Precise):
status: New → Confirmed
Changed in libssh (Ubuntu Quantal):
status: New → Confirmed
Changed in libssh (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libssh (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libssh (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libssh (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
information type: Public → Public Security
Changed in libssh (Ubuntu Lucid):
importance: Undecided → Medium
Changed in libssh (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in libssh (Ubuntu Precise):
importance: Undecided → Medium
Changed in libssh (Ubuntu Quantal):
importance: Undecided → Medium
Marc Deslauriers (mdeslaur) wrote :
Changed in libssh (Ubuntu Oneiric):
status: Confirmed → Fix Released
Changed in libssh (Ubuntu Quantal):
status: Confirmed → Fix Released
Changed in libssh (Ubuntu Precise):
status: Confirmed → Fix Released
Changed in libssh (Ubuntu Lucid):
status: Confirmed → Fix Released