UbuntuUpdates.org

Package "libssh-gcrypt-4"

Name: libssh-gcrypt-4

Description:

tiny C SSH library (gcrypt flavor)

Latest version: 0.6.3-4.3ubuntu0.6
Release: xenial (16.04)
Level: security
Repository: main
Head package: libssh
Homepage: http://www.libssh.org/

Other versions of "libssh-gcrypt-4" in Xenial

Repository  Area  Version
base        main  0.6.3-4.3
updates     main  0.6.3-4.3ubuntu0.6

Changelog

Version: 0.6.3-4.3ubuntu0.6 2020-08-04 16:06:48 UTC

  libssh (0.6.3-4.3ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2020-16135-*.patch: fix a NULL dereference
      checking the return of ssh_buffer_new() and added other checks
      in src/sftpserver.c, src/buffer.c.
    - CVE-2020-16135

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 31 Jul 2020 16:48:59 -0300

CVE-2020-16135 libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.

Version: 0.6.3-4.3ubuntu0.5 2019-12-10 19:07:02 UTC

  libssh (0.6.3-4.3ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-5.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

 -- Marc Deslauriers <email address hidden> Tue, 10 Dec 2019 10:32:29 -0500

CVE-2019-14889 Unsanitized location in scp could lead to unwanted command execution

Version: 0.6.3-4.3ubuntu0.2 2018-11-29 15:07:15 UTC

  libssh (0.6.3-4.3ubuntu0.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
    - debian/patches/CVE-2018-10933-regression.patch: set correct state
      after sending INFO_REQUEST in src/server.c.
    - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
      src/packet.c.
    - debian/patches/CVE-2018-10933-regression3.patch: set correct state
      after sending GSSAPI_RESPONSE in src/gssapi.c.

 -- Marc Deslauriers <email address hidden> Tue, 27 Nov 2018 10:04:57 -0500

1805348 Recent security update broke server-side keyboard-interactive authentication
CVE-2018-10933 A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without fir

Version: 0.6.3-4.3ubuntu0.1 2018-10-17 14:06:33 UTC

  libssh (0.6.3-4.3ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2018-10933-*.patch: add upstream patches to
      correct the issue.
    - CVE-2018-10933

 -- Marc Deslauriers <email address hidden> Tue, 16 Oct 2018 15:05:17 -0400



