UbuntuUpdates.org

Package "libssh-dev"

Name: libssh-dev

Description:

tiny C SSH library. Development files (OpenSSL flavor)

Latest version: 0.8.0~20170825.94fa1e38-1ubuntu0.6
Release: bionic (18.04)
Level: security
Repository: main
Head package: libssh
Homepage: https://www.libssh.org/


Other versions of "libssh-dev" in Bionic

Repository  Area  Version
base        main  0.8.0~20170825.94fa1e38-1build1
updates     main  0.8.0~20170825.94fa1e38-1ubuntu0.6

Changelog

Version: 0.8.0~20170825.94fa1e38-1ubuntu0.6 2020-04-09 15:06:31 UTC

  libssh (0.8.0~20170825.94fa1e38-1ubuntu0.6) bionic-security; urgency=medium

  * SECURITY UPDATE: denial of service via AES-CTR ciphers
    - debian/patches/CVE-2020-1730.patch: fix a possible segfault when
      zeroing AES-CTR key in src/libcrypto.c.
    - CVE-2020-1730

 -- Marc Deslauriers <email address hidden> Tue, 07 Apr 2020 13:16:14 -0400


Version: 0.8.0~20170825.94fa1e38-1ubuntu0.5 2019-12-10 19:07:05 UTC

  libssh (0.8.0~20170825.94fa1e38-1ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-5.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

 -- Marc Deslauriers <email address hidden> Tue, 10 Dec 2019 10:30:36 -0500

CVE-2019-14889 Unsanitized location in scp could lead to unwanted command execution

Version: 0.8.0~20170825.94fa1e38-1ubuntu0.2 2018-11-29 16:07:11 UTC

  libssh (0.8.0~20170825.94fa1e38-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
    - debian/patches/CVE-2018-10933-regression.patch: set correct state
      after sending INFO_REQUEST in src/server.c.
    - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
      src/packet.c.
    - debian/patches/CVE-2018-10933-regression3.patch: set correct state
      after sending GSSAPI_RESPONSE in src/gssapi.c.

 -- Marc Deslauriers <email address hidden> Tue, 27 Nov 2018 10:01:15 -0500

1805348 Recent security update broke server-side keyboard-interactive authentication
CVE-2018-10933 A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without fir

Version: 0.8.0~20170825.94fa1e38-1ubuntu0.1 2018-10-17 14:06:35 UTC

  libssh (0.8.0~20170825.94fa1e38-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2018-10933-*.patch: add upstream patches to
      correct the issue.
    - CVE-2018-10933

 -- Marc Deslauriers <email address hidden> Tue, 16 Oct 2018 14:26:47 -0400



