UbuntuUpdates.org

Package "python3-asyncssh"

Name: python3-asyncssh

Description:

asyncio-based client and server implementation of SSHv2 protocol

Latest version: 2.5.0-1ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: universe
Head package: python-asyncssh
Homepage: https://github.com/ronf/asyncssh

Other versions of "python3-asyncssh" in Jammy

Repository  Area      Version
base        universe  2.5.0-1
updates     universe  2.5.0-1ubuntu0.1

Changelog

Version: 2.5.0-1ubuntu0.1 2024-11-18 10:06:55 UTC

  python-asyncssh (2.5.0-1ubuntu0.1) jammy-security; urgency=medium

  * Fix unit test cases failures
    - d/p/fix-test-dsa.patch: update DSA unit tests to not test
      interoperability with OpenSSH
    - d/p/fix-test-to-add-support-for-openssl-3.patch: add support for
      running test on system with openssl 3.0 installed

  * SECURITY UPDATE: message injection during handshake
    - d/p/CVE-2023-46445-and-CVE-2023-46446.patch: additional restrictions
      on when messages are accepted during the SSH handshake to avoid
      message injection attacks from a rogue client or server.
    - CVE-2023-46445
    - CVE-2023-46446

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - d/p/CVE-2023-48795.patch: implement "strict key exchange" in
      connection.py
    - CVE-2023-48795

 -- Shishir Subedi <email address hidden> Tue, 12 Nov 2024 09:00:51 +0545

CVE-2023-46445 An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Ext
CVE-2023-46446 An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulati
CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri


