Red Hat Security Advisory 2015-2140-07 - The libssh2 packages provide a library that implements the SSH2 protocol. A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. Previously, libssh2 did not correctly adjust the size of the receive window while reading from an SSH channel. This caused downloads over the secure copy protocol to consume an excessive amount of memory. A series of upstream patches has been applied on the libssh2 source code to improve handling of the receive window size. Now, SCP downloads work as expected.
b68e45af8025497478fc0ae997caa7323085b856d2be7c4e4f55033346d7dc6e
Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process.
d9d2fd19be97a30bea44e233e81ce1fdb672ee14eb24ed3d3a69eb1b9469843f
Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process. Packages were missing for Mandriva Business Server 1 with the MDVSA-2015:148 advisory which are now being provided.
43a108dd75415e802700da18907f8eda1002da408a7ff3697f966c331440d789
Debian Linux Security Advisory 3182-1 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash (denial of service) or otherwise read and use unintended memory areas in this process.
56e9da97a560309b0ac9c520969ba7154b3f72b3e1c8f6089c1f38150e589102