Package "python-asyncssh"
Name: |
python-asyncssh
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- asyncio-based client and server implementation of SSHv2 protocol (doc)
- asyncio-based client and server implementation of SSHv2 protocol
|
Latest version: |
2.5.0-1ubuntu0.1 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
universe |
Links
Other versions of "python-asyncssh" in Jammy
Packages in group
Deleted packages are displayed in grey.
Changelog
python-asyncssh (2.5.0-1ubuntu0.1) jammy-security; urgency=medium
* Fix unit test cases failures
- d/p/fix-test-dsa.patch: update DSA unit tests to not test
interoperability with OpenSSH
- d/p/fix-test-to-add-support-for-openssl-3.patch: add support for
running test on system with openssl 3.0 installed
* SECURITY UPDATE: message injection during handshake
- d/p/CVE-2023-46445-and-CVE-2023-46446.patch: additional restrictions
on when messages are accepted during the SSH handshake to avoid
message injection attacks from a rogue client or server.
- CVE-2023-46445
- CVE-2023-46446
* SECURITY UPDATE: Prefix truncation attack on BPP
- d/p/CVE-2023-48795.patch: implement "strict key exchange" in
connection.py
- CVE-2023-48795
-- Shishir Subedi <email address hidden> Tue, 12 Nov 2024 09:00:51 +0545
|
CVE-2023-46445 |
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Ext |
CVE-2023-46446 |
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulati |
CVE-2023-48795 |
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri |
|
About
-
Send Feedback to @ubuntu_updates