Bug 444147 (CVE-2012-4559) - <net-libs/libssh-0.5.3 : multiple vulnerabilities (CVE-2012-{4559,4560,4561,4562,6063})
Status: RESOLVED FIXED
Alias: CVE-2012-4559
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Reported: 2012-11-21 11:12 UTC by Agostino Sarubbo
Modified: 2014-02-21 16:11 UTC
Description Agostino Sarubbo gentoo-dev 2012-11-21 11:12:01 UTC
From http://www.openwall.com/lists/oss-security/2012/11/20/3 :

As reported to distros@ on 20121114:

A number of flaws were found in libssh prior to 0.5.3 by Xi Wang and Florian
Weimer of the Red Hat Product Security Team:

CVE-2012-4559: multiple double free() flaws
CVE-2012-4560: multiple buffer overflow flaws
CVE-2012-4561: multiple invalid free() flaws
CVE-2012-4562: multiple improper overflow checks

http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4559
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4560
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4561
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4562

Patches for the flaws are attached to the bugs in our bugzilla.
Comment 1 Tim Harder gentoo-dev 2012-11-24 22:51:30 UTC
0.5.3 added to CVS. Feel free to start the stabilization process.
Comment 2 Sergey Popov gentoo-dev 2012-11-25 10:17:34 UTC
Arches, please test and mark stable =net-libs/libssh-0.5.3

Target keywords: amd64 ppc ppc64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2012-11-25 10:54:43 UTC
amd64 stable
Comment 4 Dan Dexter 2012-11-25 22:44:18 UTC
Archtested on x86: Everything OK.
- Package compiles with all USE-flags combinations and all 9 tests in the test phase pass.
- Rdeps successfully compile and link against =net-libs/libssh-0.5.3
- Repoman reports no warnings.
- Verified functionality of libssh by using net-analyzer/hydra, no discrepancies found.
Comment 5 Agostino Sarubbo gentoo-dev 2012-11-29 16:59:55 UTC
ppc stable
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-12-01 13:54:53 UTC
CVE-2012-6063 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6063):
  Double free vulnerability in the sftp_mkdir function in sftp.c in libssh
  before 0.5.3 allows remote attackers to cause a denial of service (crash)
  and possibly execute arbitrary code via unspecified vectors, a different
  vector than CVE-2012-4559.

CVE-2012-4562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4562):
  Multiple integer overflows in libssh before 0.5.3 allow remote attackers to
  cause a denial of service (infinite loop or crash) and possibly execute
  arbitrary code via unspecified vectors, which triggers a buffer overflow,
  infinite loop, or possibly some other unspecified vulnerabilities.

CVE-2012-4561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4561):
  The (1) publickey_make_dss, (2) publickey_make_rsa, (3)
  signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id
  functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an
  error path," which might allow remote attackers to cause a denial of service
  (crash) via unspecified vectors.

CVE-2012-4560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4560):
  Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to
  cause a denial of service (crash) or possibly execute arbitrary code via
  unspecified vectors.

CVE-2012-4559 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4559):
  Multiple double free vulnerabilities in the (1) agent_sign_data function in
  agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey
  function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5)
  try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow
  remote attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via unspecified vectors.
Comment 7 Anthony Basile gentoo-dev 2012-12-01 16:39:58 UTC
stable ppc64
Comment 8 Andreas Schürch gentoo-dev 2012-12-03 11:16:01 UTC
x86 done, Thanks Dan Dexter for testing.
Last arch!
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-03 11:59:43 UTC
Thanks, everyone.

GLSA draft ready.
Comment 10 Andreas K. Hüttel archtester gentoo-dev 2013-03-06 12:03:45 UTC
Nothing to do for kde here anymore.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-02-21 16:11:37 UTC
This issue was resolved and addressed in
 GLSA 201402-26 at http://security.gentoo.org/glsa/glsa-201402-26.xml
by GLSA coordinator Chris Reffett (creffett).