You are here
Home > Preporuke > Ranjivost programske biblioteke libssh

Ranjivost programske biblioteke libssh

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-05-06 05:59:25

Name : libssh
Product : Fedora 21
Version : 0.6.5
Release : 1.fc21
Summary : A library implementing the SSH protocol
Description :
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
made by the programmer. With libssh, you can remotely execute programs, transfer
files, use a secure and transparent tunnel for your remote programs. With its
Secure FTP implementation, you can play with remote files easily, without
third-party programs others than libcrypto (from openssl).

Update Information:

Security fix for CVE-2015-3146

* Thu Apr 30 2015 Andreas Schneider <> – 0.6.5-1
– resolves: #1213775 – Security fix for CVE-2015-3146
– resolves: #1218076 – Security fix for CVE-2015-3146
* Fri Dec 19 2014 – Andreas Schneider <> – 0.6.4-1
– Security fix for CVE-2014-8132.

[ 1 ] Bug #1213775 – CVE-2015-3146 libssh: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets

This update can be installed with the “yum” update program. Use
su -c ‘yum update libssh’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorTomislav Protega
Cert idNCERT-REF-2015-05-0049-ADV
CveCVE-2015-3146 CVE-2014-8132
ID izvornikaFEDORA-2015-7590
More in Preporuke
Sigurnosni nedostatak programskog paketa gnutls

Otkriven je sigurnosni nedostatak u programskom paketu gnutls za Fedoru. Nedostatak se isticao prihvaćanjem MD5 potpisa (inicijalno onemogućeno) unutar poruke...