UbuntuUpdates.org

Package "python3-asyncssh"

Name: python3-asyncssh

Description:

asyncio-based client and server implementation of SSHv2 protocol
Latest version: 1.12.2-1ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: universe
Head package: python-asyncssh
Homepage: https://github.com/ronf/asyncssh

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python3-asyncssh"

All arch deb package
APT INSTALL

Other versions of "python3-asyncssh" in Focal

Repository Area Version
base universe 1.12.2-1
security universe 1.12.2-1ubuntu0.2

Changelog

Version: 1.12.2-1ubuntu0.2 2024-11-18 12:06:50 UTC

  python-asyncssh (1.12.2-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: message injection during handshake
    - d/p/CVE-2023-46445-and-CVE-2023-46446.patch: additional restrictions
      on when messages are accepted during the SSH handshake to avoid
      message injection attacks from a rogue client or server
    - CVE-2023-46445
    - CVE-2023-46446

  * Fix FTBFS due to missing dependency on previous version
    - debian/control: add dh-python on Build-Depends

 -- Shishir Subedi <email address hidden> Wed, 13 Nov 2024 10:07:23 +0545
Source diff to previous version
CVE-2023-46445 An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Ext
CVE-2023-46446 An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulati

Version: 1.12.2-1ubuntu0.1 2024-10-02 08:07:02 UTC

  python-asyncssh (1.12.2-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795.patch: implement "strict key exchange"
      in connection.py
    - CVE-2023-48795

 -- Shishir Subedi <email address hidden> Thu, 26 Sep 2024 15:35:58 +0545
CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri


About   -   Send Feedback to @ubuntu_updates