UbuntuUpdates.org

Package "libssh"

Name: libssh

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • tiny C SSH library (OpenSSL flavor)
  • tiny C SSH library - Development files (OpenSSL flavor)
  • tiny C SSH library - Documentation files
  • tiny C SSH library (gcrypt flavor)

Latest version: 0.9.0-1ubuntu1.4
Release: eoan (19.10)
Level: security
Repository: main

Links

Save this URL for the latest version of "libssh": https://www.ubuntuupdates.org/libssh



Other versions of "libssh" in Eoan

Repository Area Version
base main 0.9.0-1ubuntu1
updates main 0.9.0-1ubuntu1.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.9.0-1ubuntu1.4 2020-04-09 13:06:28 UTC

  libssh (0.9.0-1ubuntu1.4) eoan-security; urgency=medium

  * SECURITY UPDATE: denial of service via AES-CTR ciphers
    - debian/patches/CVE-2020-1730.patch: fix a possible segfault when
      zeroing AES-CTR key in src/libcrypto.c.
    - CVE-2020-1730

 -- Marc Deslauriers <email address hidden> Tue, 07 Apr 2020 12:56:33 -0400

Source diff to previous version

Version: 0.9.0-1ubuntu1.3 2019-12-10 19:07:08 UTC

  libssh (0.9.0-1ubuntu1.3) eoan-security; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: add tests for SCP client in
      tests/client/CMakeLists.txt, tests/client/torture_scp.c.
    - debian/patches/CVE-2019-14889-2.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-4.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-5.patch: add unit tests for
      ssh_quote_file_name() in tests/unittests/torture_misc.c.
    - debian/patches/CVE-2019-14889-6.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-7.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

 -- Marc Deslauriers <email address hidden> Tue, 10 Dec 2019 10:24:44 -0500

CVE-2019-14889 Unsanitized location in scp could lead to unwanted command execution



About   -   Send Feedback to @ubuntu_updates