[v2.6] Multiple vulnerabilities in libssh < 0.5.3 allows remote code execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4562
Solution:
- Upgrade to 0.5.3
or
- Patches:
http://git.libssh.org/projects/libssh.git/patch/?id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2
https://bugzilla.redhat.com/attachment.cgi?id=644998
https://bugzilla.redhat.com/attachment.cgi?id=644999
https://bugzilla.redhat.com/attachment.cgi?id=645002
https://bugzilla.redhat.com/attachment.cgi?id=645003
https://bugzilla.redhat.com/attachment.cgi?id=645004
https://bugzilla.redhat.com/attachment.cgi?id=645018
(from redmine: issue id 1492, created on 2012-12-05, closed on 2012-12-17)
- Changesets:
- Revision 105ad95e by Natanael Copa on 2012-12-07T09:31:02Z:
main/libssh: security upgrade to 0.5.3 (CVE-2012-4559,CVE-2012-4561,CVE-2012-4562)
fixes #1492