UbuntuUpdates.org

Package "python-asyncssh"

Name: python-asyncssh

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • asyncio-based client and server implementation of SSHv2 protocol (doc)
  • asyncio-based client and server implementation of SSHv2 protocol

Latest version: 1.12.2-1ubuntu0.2
Release: focal (20.04)
Level: security
Repository: universe

Other versions of "python-asyncssh" in Focal

Repository  Area      Version
base        universe  1.12.2-1
updates     universe  1.12.2-1ubuntu0.2

Changelog

Version: 1.12.2-1ubuntu0.2 2024-11-18 10:06:54 UTC

  python-asyncssh (1.12.2-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: message injection during handshake
    - d/p/CVE-2023-46445-and-CVE-2023-46446.patch: additional restrictions
      on when messages are accepted during the SSH handshake to avoid
      message injection attacks from a rogue client or server
    - CVE-2023-46445
    - CVE-2023-46446

  * Fix FTBFS due to missing dependency on previous version
    - debian/control: add dh-python on Build-Depends

 -- Shishir Subedi <email address hidden> Wed, 13 Nov 2024 10:07:23 +0545

CVE-2023-46445 An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Ext
CVE-2023-46446 An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulati

Version: 1.12.2-1ubuntu0.1 2024-10-02 07:06:49 UTC

  python-asyncssh (1.12.2-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795.patch: implement "strict key exchange"
      in connection.py
    - CVE-2023-48795

 -- Shishir Subedi <email address hidden> Thu, 26 Sep 2024 15:35:58 +0545

CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri


