{"id":"MGASA-2020-0171","summary":"Updated libssh packages fix security vulnerability","details":"Updated libssh packages fix security vulnerability:\n\nA malicious client or server could crash the counterpart implemented\nwith libssh AES-CTR ciphers are used and don't get fully initialized.\nIt will crash when it tries to cleanup the AES-CTR ciphers when\nclosing the connection (CVE-2020-1730).\n","modified":"2026-02-01T16:17:35.741800Z","published":"2020-04-15T10:12:14Z","related":["CVE-2020-1730"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0171.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26462"},{"type":"REPORT","url":"https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/"}],"affected":[{"package":{"name":"libssh","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/libssh?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.9-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0171.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}