UbuntuUpdates.org

Package "python3-asyncssh"

Name: python3-asyncssh

Description:

asyncio-based client and server implementation of SSHv2 protocol

Latest version: 2.5.0-1ubuntu0.1
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: python-asyncssh
Homepage: https://github.com/ronf/asyncssh

Links


Download "python3-asyncssh"


Other versions of "python3-asyncssh" in Jammy

Repository Area Version
base universe 2.5.0-1
security universe 2.5.0-1ubuntu0.1

Changelog

Version: 2.5.0-1ubuntu0.1 2024-11-18 12:06:51 UTC

  python-asyncssh (2.5.0-1ubuntu0.1) jammy-security; urgency=medium

  * Fix unit test cases failures
    - d/p/fix-test-dsa.patch: update DSA unit tests to not test
      interoperability with OpenSSH
    - d/p/fix-test-to-add-support-for-openssl-3.patch: add support for
      running test on system with openssl 3.0 installed

  * SECURITY UPDATE: message injection during handshake
    - d/p/CVE-2023-46445-and-CVE-2023-46446.patch: additional restrictions
      on when messages are accepted during the SSH handshake to avoid
      message injection attacks from a rogue client or server.
    - CVE-2023-46445
    - CVE-2023-46446

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - d/p/CVE-2023-48795.patch: implement "strict key exchange" in
      connection.py
    - CVE-2023-48795

 -- Shishir Subedi <email address hidden> Tue, 12 Nov 2024 09:00:51 +0545

CVE-2023-46445 An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Ext
CVE-2023-46446 An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulati
CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri



About   -   Send Feedback to @ubuntu_updates