CVE-2012-4559

Publication date 20 November 2012

Last updated 24 July 2024


Ubuntu priority

Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Status

Package Ubuntu Release Status
libssh 12.10 quantal
Fixed 0.5.2-1ubuntu0.12.10.1
12.04 LTS precise
Fixed 0.5.2-1ubuntu0.12.04.1
11.10 oneiric
Fixed 0.5.2-1ubuntu0.11.10.1
10.04 LTS lucid
Fixed 0.4.2-1ubuntu1.1
8.04 LTS hardy Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libssh

References

Related Ubuntu Security Notices (USN)

    • USN-1640-1
    • libssh vulnerabilities
    • 26 November 2012

Other references