Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0343)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0343

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0343)

Resumen: The remote host is missing an update for the 'libssh2' package(s) announced via the MGASA-2019-0343 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libssh2' package(s) announced via the MGASA-2019-0343 advisory.

Vulnerability Insight:
The updated packages fix a security vulnerability:

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
packet.c has an integer overflow in a bounds check, enabling an attacker
to specify an arbitrary (out-of-bounds) offset for a subsequent memory
read. A crafted SSH server may be able to disclose sensitive information
or cause a denial of service condition on the client system when a user
connects to the server. (CVE-2019-17498)

Affected Software/OS:
'libssh2' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-17498
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/
http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html
https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498
https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480
https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html
SuSE Security Announcement: openSUSE-SU-2019:2483 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0343
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0343)
Resumen:	The remote host is missing an update for the 'libssh2' package(s) announced via the MGASA-2019-0343 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libssh2' package(s) announced via the MGASA-2019-0343 advisory. Vulnerability Insight: The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. (CVE-2019-17498) Affected Software/OS: 'libssh2' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17498 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/ http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498 https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480 https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html SuSE Security Announcement: openSUSE-SU-2019:2483 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html
Copyright	Copyright (C) 2022 Greenbone AG