PublicDateAtUSN: 2014-12-28
Candidate: CVE-2014-8132
PublicDate: 2014-12-29 00:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132
 http://www.libssh.org/security/advisories/CVE-2014-8132.txt
 http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
 https://ubuntu.com/security/notices/USN-2478-1
Description:
 Double free vulnerability in the ssh_packet_kexinit function in kex.c in
 libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a
 denial of service via a crafted kexinit packet.
Ubuntu-Description:
Notes:
 mdeslaur> 0.5.1 and higher
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773577
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_libssh:
 upstream: http://git.libssh.org/projects/libssh.git/commit/?id=c2aed4ca78030d9014a890cb4370e6dc8264823f
upstream_libssh: released (0.6.4)
lucid_libssh: ignored (reached end-of-life)
precise_libssh: released (0.5.2-1ubuntu0.12.04.4)
trusty_libssh: released (0.6.1-0ubuntu3.1)
trusty/esm_libssh: DNE (trusty was released [0.6.1-0ubuntu3.1])
utopic_libssh: released (0.6.3-2ubuntu1.1)
devel_libssh: released (0.6.3-3ubuntu2)