A NULL dereference was found in libssh 0.5.3's publickey_from_privatekey() function. When a server using libssh receives a "Client: Key Exchange Init", the server sets up the session and tries to set the algorithms by matching what the user specified vs what is supported in crypt_set_algorithms_server(). If there is no match, it will lead to a NULL dereference when receiving the "Client: Diffie-Hellman Key Exchange Init" packet, which will cause the program using libssh to crash.
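The failure mode described above, as an added example that is not part of the original report and not libssh's code: negotiation that finds no common algorithm has to fail closed, and the later key-exchange handler should refuse to run on an un-negotiated session. All names here are hypothetical, and the host key list is a constructed sample chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; constructed sample of server-side support. */
enum { KEY_RSA = 0, KEY_DSS = 1 };
static const char *const SERVER_HOSTKEYS[] = { "ssh-rsa", "ssh-dss", NULL };

struct session {
    const char *hostkey_alg;  /* stays NULL until negotiation succeeds */
    int kex_ok;               /* set only when a common algorithm was found */
};

/* Return the first client preference (comma-separated list, as sent in a
 * key exchange init message) that the server supports, or NULL if none. */
const char *match_alg(const char *client_list, const char *const *supported) {
    if (client_list == NULL)
        return NULL;
    while (*client_list) {
        size_t len = strcspn(client_list, ",");
        for (size_t i = 0; supported[i] != NULL; i++) {
            if (strlen(supported[i]) == len &&
                memcmp(supported[i], client_list, len) == 0)
                return supported[i];
        }
        client_list += len;
        if (*client_list == ',')
            client_list++;    /* skip the separator, tolerate empty entries */
    }
    return NULL;
}

/* Key exchange init handler: record the result and report a mismatch so
 * the caller can disconnect instead of continuing with a NULL algorithm. */
int on_kexinit(struct session *s, const char *client_hostkeys) {
    s->hostkey_alg = match_alg(client_hostkeys, SERVER_HOSTKEYS);
    s->kex_ok = (s->hostkey_alg != NULL);
    return s->kex_ok ? 0 : -1;
}

/* Diffie-Hellman init handler: second guard in case the error above was
 * ignored. Returns the key type to use, or -1 to reject the packet. */
int on_dh_init(const struct session *s) {
    if (!s->kex_ok || s->hostkey_alg == NULL)
        return -1;            /* reject rather than dereference NULL */
    return strcmp(s->hostkey_alg, "ssh-rsa") == 0 ? KEY_RSA : KEY_DSS;
}
```

The two checks are deliberately redundant: the first stops the handshake at the point of mismatch, the second keeps a later handler safe if a caller drops that return value.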
Created attachment 678235: Patch for CVE-2013-0176
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
Fedora bugs are created automatically?
Created libssh tracking bugs for this issue.
Affects: fedora-all [bug 902992]
Sorry, no, I forgot about the time. =(
libssh-0.5.4-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
libssh-0.5.4-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.