Bug 1199511 (CVE-2015-1782)
| Summary: | CVE-2015-1782 libssh2: Using SSH_MSG_KEXINIT data unbounded | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Fabio Olive Leite <fleite> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | carnil, fleite, jrusnack, kdudka, paul, security-response-team, slawomir |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.libssh2.org/adv_20150311.html | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-11-20 05:45:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1226832 | ||
| Bug Blocks: | 1210268, 1225843 | ||
|
Description
Fabio Olive Leite
2015-03-06 14:27:32 UTC
External References: http://www.libssh2.org/adv_20150311.html I am adding Paul Howarth to CC as he is the maintainer of libssh2 in Fedora. Paul, could you please take this issue into consideration when updating to latest upstream in Fedora? According to the above information, the fix for this issue is likely going to be included in the upcoming upstream release of libssh2. Unfortunately, I am leaving for vacation today and will mostly be offline until March 18th. I believe the upcoming release is due this coming Wednesday, 11th March. Assuming the fix for this is included, that should address rawhide, but what about older releases (and indeed F-22)? Bump to 1.5.0 or just add the patch to the existing 1.4.3 builds? Hope you enjoy your vacation! (In reply to Paul Howarth from comment #7) > Assuming the fix for this is included, that should address rawhide, but what > about older releases (and indeed F-22)? Bump to 1.5.0 or just add the patch > to the existing 1.4.3 builds? It is really up to you. I am fine with both the solutions. > Hope you enjoy your vacation! Will do, thanks! I'll probably just bump them all up to 1.5.0 then to pull in all the bug fixes. Just submitted updates for F-20, F-21 and F-22 but bodhi refused to add references to either this bug or CVE-2015-1782, presumably because of the issue still being private in bugzilla? https://admin.fedoraproject.org/updates/libssh2-1.5.0-1.fc22 https://admin.fedoraproject.org/updates/libssh2-1.5.0-1.fc21 https://admin.fedoraproject.org/updates/libssh2-1.5.0-1.fc20 The upstream advisory has now moved to http://www.libssh2.org/adv_20150311.html by the way. libssh2-1.5.0-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. libssh2-1.5.0-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. libssh2-1.5.0-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2140 https://rhn.redhat.com/errata/RHSA-2015-2140.html |