-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJQs7L4AAoJEGVp2FWnRL6T2ykP/1duCq7zwsIcFI0VVlJ+fLSg
sI9AD2AbL1llwmjImF24L0RsG6Y+WyMwPXAar3VRoYvcRtiZ2TwBhO8WLpO+COMe
Vohx6Q6ywkaV0lTYX2OIO9rsDDiWzu0+4+v9jGAIjW+oNS9wTRA4pUMx1ERKrnkg
wm5MpWcN+J3fy9rcjDNsa9I3hIVIz2cXOYemCxYYeU7QIJMEK2z6wNIIXiIw7Cn0
8JXabc8dN4GyI8nhytzj9JTttfAKTSKCcxL7pbAjrOjxpYJTVyvmPnUJZTE4NfcR
JuCZvwgJBhJPr4qJGVe3UhJMTxiB2FscBRB6aELB8QuuzWyvHCYJtcKndPmWiSa3
V8loyT77nmQca6f2jGPQlA8Ui1GLROr+qcnnChdClSqboHmU5X8Ylu4fRDpYnvya
k7CZz3xa+ZkcHgpCgwpQj/xL0wTIZO7FNrTOc+yrx/QhCR47R/lDonhYlwVpOwri
EnalGeLNCbRJAFJoBG29YZoyRsph61a4HgiHZKOiJ9Ey+biECbvTET7SzIVK/pVw
QxHpYAjjkumO/LY7MzA3rTW/TLOpUOOfLU0AYGP0GMHX9nqZMIJEFuUgt3TpOHcT
B9tjBS3H2uIJdWVMDKzB7IUii/pEnAS3EBA0Ryn50kABtMZMHs6i6Ro9zSc34l2Y
cGrakeNnkNaxTxmeJEcW
=NEhd
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1640-1
November 26, 2012
libssh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Summary:
linssh could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- libssh: A tiny C SSH library
Details:
Xi Wang and Florian Weimer discovered that libssh incorrectly handled
memory. A remote attacker could use this to cause libssh to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
libssh-4 0.5.2-1ubuntu0.12.10.1
Ubuntu 12.04 LTS:
libssh-4 0.5.2-1ubuntu0.12.04.1
Ubuntu 11.10:
libssh-4 0.5.2-1ubuntu0.11.10.1
Ubuntu 10.04 LTS:
libssh-4 0.4.2-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1640-1
CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562
Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/libssh/0.4.2-1ubuntu1.1
No comments:
Post a Comment