Fedora 20 Security Update: libssh2-1.5.0-1.fc20

Resolved Bugs
1199511 – libssh2: Using SSH_MSG_KEXINIT data unbounded<br
This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file.
These include a security fix for CVE-2015-1782:
A malicious attacker could man in the middle a real server and cause libssh2-using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in this process. There are no known exploits of this flaw at this time.
See http://www.libssh2.org/adv_20150311.html for further details.

Leave a Reply