Package "libssh"
Name: libssh
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- tiny C SSH library (OpenSSL flavor)
- tiny C SSH library - Development files (OpenSSL flavor)
- tiny C SSH library - Documentation files
- tiny C SSH library (gcrypt flavor)
Latest version: 0.10.4-2ubuntu0.3
Release: lunar (23.04)
Level: security
Repository: main
Changelog
libssh (0.10.4-2ubuntu0.3) lunar-security; urgency=medium
  * SECURITY UPDATE: code injection via ProxyCommand/ProxyJump hostname
    - debian/patches/CVE-2023-6004-*.patch: validate hostnames.
    - CVE-2023-6004
  * SECURITY UPDATE: DoS via incorrect return value checks
    - debian/patches/CVE-2023-6918-*.patch: check return values.
    - CVE-2023-6918
 -- Marc Deslauriers <email address hidden> Wed, 10 Jan 2024 13:47:51 -0500
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue
CVE-2023-6918
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The r

libssh (0.10.4-2ubuntu0.2) lunar-security; urgency=medium
  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795-1.patch: add client side mitigation.
    - debian/patches/CVE-2023-48795-2.patch: add server side mitigations.
    - debian/patches/CVE-2023-48795-3.patch: strip extensions from both kex
      lists for matching.
    - debian/patches/CVE-2023-48795-4.patch: tests: adjust calculation to
      strict kex.
    - CVE-2023-48795
 -- Marc Deslauriers <email address hidden> Mon, 18 Dec 2023 17:28:31 -0500
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri

libssh (0.10.4-2ubuntu0.1) lunar-security; urgency=medium
  * SECURITY UPDATE: Potential NULL dereference during rekeying with
    algorithm guessing
    - debian/patches/CVE-2023-1667-*.patch: upstream patches to fix the
      issue.
    - CVE-2023-1667
  * SECURITY UPDATE: Authorization bypass in pki_verify_data_signature
    - debian/patches/CVE-2023-2283-*.patch: upstream patches to fix the
      issue.
    - CVE-2023-2283
 -- Marc Deslauriers <email address hidden> Thu, 25 May 2023 13:11:29 -0400
CVE-2023-1667
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a deni
CVE-2023-2283
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` functi