Package: libssh / 0.5.4-1+deb7u3

Metadata

Package: libssh
Version: 0.5.4-1+deb7u3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 disable latex documentation.patch

doc/doxy.config.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 be sure we never build latex documentation
0002 fix html doc generation.patch

doc/doxy.config.in | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 do not exclude "*/build/*" directory as buildd use that path
0003 fix typo.patch

src/server.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix typo
0004 security fix for vulnerability CVE 2014 0017.patch

include/libssh/wrapper.h | 1 1 + 0 - 0 !
src/bind.c | 3 2 + 1 - 0 !
src/libcrypto.c | 9 9 + 0 - 0 !
src/libgcrypt.c | 3 3 + 0 - 0 !
4 files changed, 15 insertions(+), 1 deletion(-)

 [patch] security: fix for vulnerability cve-2014-0017

When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with the same PRNG state which is
a security issue.

Conflicts:
	src/bind.c

0005 security fix for vulnerability CVE 2014 8132.patch

src/kex.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 [patch] cve-2014-8132: fixup error path in ssh_packet_kexinit()

Before this change, dangling pointers can be unintentionally left in the
respective next_crypto kex methods slots.  Ensure to set all slots to
NULL in the error-out path.

Signed-off-by: Jon Simons <jon@jonsimons.org>
0006 security fix for vulnerability CVE 2015 3146.patch

src/buffer.c | 6 6 + 0 - 0 !
src/client.c | 4 2 + 2 - 0 !
src/server.c | 1 1 + 0 - 0 !
3 files changed, 9 insertions(+), 2 deletions(-)

 [patch 1/2] cve-2015-3146: fix state validation in packet handlers

The state validation in the packet handlers for SSH_MSG_NEWKEYS and
SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.

The issue has been found and reported by Mariusz Ziule.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
0007 CVE 2016 0739.patch

src/dh.c | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

 cve-2016-0739: truncated diffie-hellman secret length