Package "libssh"

Name: libssh


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • tiny C SSH library (OpenSSL flavor)
  • tiny C SSH library - Development files (OpenSSL flavor)
  • tiny C SSH library - Documentation files
  • tiny C SSH library (gcrypt flavor)

Latest version: 0.9.0-1ubuntu1.3
Release: eoan (19.10)
Level: updates
Repository: main


Save this URL for the latest version of "libssh": https://www.ubuntuupdates.org/libssh

Other versions of "libssh" in Eoan

Repository Area Version
base main 0.9.0-1ubuntu1
security main 0.9.0-1ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Version: 0.9.0-1ubuntu1.3 2019-12-10 20:07:07 UTC

  libssh (0.9.0-1ubuntu1.3) eoan-security; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: add tests for SCP client in
      tests/client/CMakeLists.txt, tests/client/torture_scp.c.
    - debian/patches/CVE-2019-14889-2.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-4.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-5.patch: add unit tests for
      ssh_quote_file_name() in tests/unittests/torture_misc.c.
    - debian/patches/CVE-2019-14889-6.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-7.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

 -- Marc Deslauriers <email address hidden> Tue, 10 Dec 2019 10:24:44 -0500

CVE-2019-14889 Unsanitized location in scp could lead to unwanted command execution

About   -   Send Feedback to @ubuntu_updates