UbuntuUpdates.org

Package "libssh-4"

Name: libssh-4

Description:

tiny C SSH library (OpenSSL flavor)

Latest version: 0.9.3-2ubuntu2.5
Release: focal (20.04)
Level: security
Repository: main
Head package: libssh
Homepage: https://www.libssh.org/

Links


Download "libssh-4"


Other versions of "libssh-4" in Focal

Repository Area Version
base main 0.9.3-2ubuntu2
updates main 0.9.3-2ubuntu2.5

Changelog

Version: 0.9.3-2ubuntu2.5 2024-01-22 15:07:00 UTC

  libssh (0.9.3-2ubuntu2.5) focal-security; urgency=medium

  * SECURITY UPDATE: code injection via ProxyCommand/ProxyJump hostname
    - debian/patches/CVE-2023-6004-*.patch: validate hostnames.
    - CVE-2023-6004
  * SECURITY UPDATE: DoS via incorrect return value checks
    - debian/patches/CVE-2023-6918-*.patch: check return values.
    - CVE-2023-6918

 -- Marc Deslauriers <email address hidden> Thu, 11 Jan 2024 07:46:38 -0500

Source diff to previous version
CVE-2023-6004 A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue
CVE-2023-6918 A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The r

Version: 0.9.3-2ubuntu2.4 2023-12-19 16:08:31 UTC

  libssh (0.9.3-2ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795-1.patch: add client side mitigation.
    - debian/patches/CVE-2023-48795-2.patch: add server side mitigations.
    - debian/patches/CVE-2023-48795-3.patch: strip extensions from both kex
      lists for matching.
    - debian/patches/CVE-2023-48795-4.patch: tests: adjust calculation to
      strict kex.
    - CVE-2023-48795

 -- Marc Deslauriers <email address hidden> Mon, 18 Dec 2023 17:32:08 -0500

Source diff to previous version
CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri

Version: 0.9.3-2ubuntu2.3 2023-06-05 16:07:15 UTC

  libssh (0.9.3-2ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: Potential NULL dereference during rekeying with
    algorithm guessing
    - debian/patches/CVE-2023-1667-*.patch: upstream patches to fix the
      issue.
    - CVE-2023-1667
  * SECURITY UPDATE: Authorization bypass in pki_verify_data_signature
    - debian/patches/CVE-2023-2283-*.patch: upstream patches to fix the
      issue.
    - CVE-2023-2283

 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 07:10:23 -0400

Source diff to previous version
CVE-2023-1667 A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a deni
CVE-2023-2283 A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` functi

Version: 0.9.3-2ubuntu2.2 2021-08-26 17:06:22 UTC

  libssh (0.9.3-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: possible heap-buffer overflow when rekeying
    - debian/patches/CVE-2021-3634.patch: create a separate length for
      session_id in include/libssh/crypto.h, src/gssapi.c, src/kdf.c,
      src/kex.c, src/libcrypto.c, src/messages.c, src/packet.c, src/pki.c,
      src/wrapper.c, tests/unittests/torture_session_keys.c.
    - CVE-2021-3634

 -- Marc Deslauriers <email address hidden> Wed, 18 Aug 2021 11:35:51 -0400

Source diff to previous version
CVE-2021-3634 Possible heap-buffer overflow when rekeying

Version: 0.9.3-2ubuntu2.1 2020-08-04 16:06:52 UTC

  libssh (0.9.3-2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2020-16135-*.patch: fix a NULL dereference
      checking the return of ssh_buffer_new() and added others checks
      in src/sftpservcer.c, src/buffer.c.
    - CVE-2020-16135

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 31 Jul 2020 15:38:31 -0300

CVE-2020-16135 libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.



About   -   Send Feedback to @ubuntu_updates