UbuntuUpdates.org

Package "libssh"

Name: libssh

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • tiny C SSH library (OpenSSL flavor)
  • tiny C SSH library. Debug symbols
  • tiny C SSH library. Development files (OpenSSL flavor)
  • tiny C SSH library. Documentation files

Latest version: 0.6.3-4.3ubuntu0.6
Release: xenial (16.04)
Level: updates
Repository: main

Other versions of "libssh" in Xenial

Repository   Area   Version
base         main   0.6.3-4.3
security     main   0.6.3-4.3ubuntu0.6

Changelog

Version: 0.6.3-4.3ubuntu0.6 2020-08-04 16:06:49 UTC

  libssh (0.6.3-4.3ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2020-16135-*.patch: fix a NULL dereference
      checking the return of ssh_buffer_new() and added other checks
      in src/sftpserver.c, src/buffer.c.
    - CVE-2020-16135

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 31 Jul 2020 16:48:59 -0300

CVE-2020-16135 libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.

Version: 0.6.3-4.3ubuntu0.5 2019-12-10 20:06:54 UTC

  libssh (0.6.3-4.3ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-5.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

 -- Marc Deslauriers <email address hidden> Tue, 10 Dec 2019 10:32:29 -0500

CVE-2019-14889 Unsanitized location in scp could lead to unwanted command execution

Version: 0.6.3-4.3ubuntu0.2 2018-11-29 16:07:10 UTC

  libssh (0.6.3-4.3ubuntu0.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
    - debian/patches/CVE-2018-10933-regression.patch: set correct state
      after sending INFO_REQUEST in src/server.c.
    - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
      src/packet.c.
    - debian/patches/CVE-2018-10933-regression3.patch: set correct state
      after sending GSSAPI_RESPONSE in src/gssapi.c.

 -- Marc Deslauriers <email address hidden> Tue, 27 Nov 2018 10:04:57 -0500

1805348 Recent security update broke server-side keyboard-interactive authentication
CVE-2018-10933 A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without fir

Version: 0.6.3-4.3ubuntu0.1 2018-10-17 14:06:34 UTC

  libssh (0.6.3-4.3ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2018-10933-*.patch: add upstream patches to
      correct the issue.
    - CVE-2018-10933

 -- Marc Deslauriers <email address hidden> Tue, 16 Oct 2018 15:05:17 -0400



