{"id":"MGASA-2015-0107","summary":"Updated libssh2 packages fix CVE-2015-1782","details":"Updated libssh2 packages fix security vulnerability:\n\nMariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading\nand using the SSH_MSG_KEXINIT packet without doing sufficient range checks\nwhen negotiating a new SSH session with a remote server. A malicious attacker\ncould man in the middle a real server and cause a client using the libssh2\nlibrary to crash (denial of service) or otherwise read and use unintended\nmemory areas in this process (CVE-2015-1782).\n","modified":"2026-02-04T04:37:17.230264Z","published":"2015-03-12T15:30:53Z","related":["CVE-2015-1782"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0107.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15470"},{"type":"REPORT","url":"http://www.libssh2.org/adv_20150311.html"},{"type":"REPORT","url":"https://www.debian.org/security/2015/dsa-3182"}],"affected":[{"package":{"name":"libssh2","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/libssh2?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.3-3.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0107.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}