UbuntuUpdates.org

Package "libssh"

Name: libssh

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • tiny C SSH library
  • tiny C SSH library. Debug symbols
  • tiny C SSH library. Development files
  • tiny C SSH library. Documentation files

Latest version: 0.6.1-0ubuntu3.5
Release: trusty (14.04)
Level: updates
Repository: main

Other versions of "libssh" in Trusty

Repository Area Version
base main 0.6.1-0ubuntu3
security main 0.6.1-0ubuntu3.5

Changelog

Version: 0.6.1-0ubuntu3.5 2018-11-29 16:07:07 UTC

  libssh (0.6.1-0ubuntu3.5) trusty-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
    - debian/patches/CVE-2018-10933-regression.patch: set correct state
      after sending INFO_REQUEST in src/server.c.
    - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
      src/packet.c.
    - debian/patches/CVE-2018-10933-regression3.patch: set correct state
      after sending GSSAPI_RESPONSE in src/gssapi.c.

 -- Marc Deslauriers <email address hidden> Tue, 27 Nov 2018 10:05:25 -0500

1805348 Recent security update broke server-side keyboard-interactive authentication
CVE-2018-10933 A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without fir

Version: 0.6.1-0ubuntu3.4 2018-10-17 14:06:30 UTC

  libssh (0.6.1-0ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2018-10933-*.patch: add upstream patches to
      correct the issue.
    - CVE-2018-10933

 -- Marc Deslauriers <email address hidden> Tue, 16 Oct 2018 15:38:00 -0400

Version: 0.6.1-0ubuntu3.3 2016-02-23 17:07:19 UTC

  libssh (0.6.1-0ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via incorrect SSH_MSG_NEWKEYS and
    KEXDH_REPLY packet handling
    - debian/patches/CVE-2015-3146.patch: fix state validation in
      src/packet_cb.c, src/server.c, src/buffer.c.
    - CVE-2015-3146
  * SECURITY UPDATE: weakness in diffie-hellman secret key generation
    - debian/patches/CVE-2016-0739.patch: fix bits/bytes confusion bug in
      src/dh.c.
    - CVE-2016-0739

 -- Marc Deslauriers <email address hidden> Tue, 23 Feb 2016 07:35:04 -0500

CVE-2015-3146 null pointer dereference due to a logical error in the handling of SSH_MSG_NEWKEYS and KEXDH_REPLY packets
CVE-2016-0739 Weak Diffie-Hellman secret generation in libssh

Version: 0.6.1-0ubuntu3.1 2015-01-19 17:07:31 UTC

  libssh (0.6.1-0ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted kexinit packet
    - debian/patches/CVE-2014-8132.patch: properly set slots to NULL in
      src/kex.c.
    - CVE-2014-8132

 -- Marc Deslauriers <email address hidden> Wed, 07 Jan 2015 12:03:32 -0500

CVE-2014-8132 Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denia
