-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libssh Version : 0.6.3-4+deb8u4 CVE ID : CVE-2019-14889 Debian Bug : 946548
It was found that libssh, a tiny C SSH library, does not sufficiently sanitize path parameters provided to the server, allowing an attacker with only SCP file access to execute arbitrary commands on the server. For Debian 8 "Jessie", this problem has been fixed in version 0.6.3-4+deb8u4. We recommend that you upgrade your libssh packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl34zT4ACgkQnUbEiOQ2 gwJIUA/+PXXlcXZb5KgXPkz3vc2C9ZgvXsZAJXGI/+T+mbjeYeVhK80U/QSfaGQ+ wSMdfvXvw/yBOqhql6acRlYdvvxYrHF2jGUuaf0YD39hFCfoGKLDsrzi7qUtYMN5 vaP1XttiXKz3+/iMatVKD0VGZ+HueBz2ovDwlC9bNS06DfzknIszRI+KS3OlHPc+ BGjtJ9psMxiXkloF7b9+3SkZqqJ+J6XnaHBzcVh/vfsC8kxmfn/Yy8jkc1Ul0s+o 74H+uQJftJZL2doVljOteDNj7h2ljGbY63W5ZPm4mUBk5vy8Bj+P0sY2h9v+Yuey +bx6P+YNojtlwU89n3elpHhudB+zqHOa9accDqSyAvw7FsB7M0E9PM9oEjDdswI1 pd4FBkIEWdIpcoXBWPplKESt+Cz9Y4DiV0mPgYpp73jfH37B7C1afxbOxSn+/J8o 7QLg11NbcoLEnMbnjRa9jyYZG6c5PBPPXksaQP2LrqLuCBQDtSHcsEHkXmG8KGf2 5/Y/n+SwQf/HMozyoybAzhO6Q9K8qL64fz5gONxLZBakS6qKFE1RD9+sCHZBr/dM AKBUIp+8n0F/aNo6zRL+NVtSN7VShc25gxk80pfH/LjzGVeMgWkyQZ9Etb6Fbv6+ LfLvqKbjLC9kkQTr3sYH/Nv2aABtu2MAIB3D5EGpb2HpzKN0yec= =LgUv -----END PGP SIGNATURE-----
