
Advisory ROSA-SA-2024-2333

Published: 2024-01-30 08:34:02
Reporter: ROSA LAB
Source: abf.rosalinux.ru
Tags: libssh 0.9.6, rosa virtualization 2.1, session_id, secret_hash, pointer dereferencing, unauthorized access, denial of service

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.4 High (Confidence: Low)

CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.006 Low (Percentile: 78.3%)

Software: libssh 0.9.6
OS: ROSA Virtualization 2.1

package_evr_string: libssh-0.9.6-10.rv3.src.rpm

CVE-ID: CVE-2021-3634
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A bug was discovered in libssh for versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets throughout a session. One is called secret_hash and the other is called session_id. Initially both are the same, but after the keys are exchanged again, the previous session_id is stored and used as input for the new secret_hash. Historically, both of these buffers shared a common variable length, which worked as long as the buffers were the same. But a rekeying operation can also change the key exchange method, which can be based on a different sized hash, ultimately creating a different sized “secret_hash” than the session_id. This becomes a problem when the session_id memory is zeroed out or when it is reused during a second key exchange.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libssh command
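
The shared-length problem described for CVE-2021-3634, as an added example that is not libssh code and not part of the advisory: a hypothetical kex_state model compares a wipe sized by the shared length with one bounded by the buffer's own length. The struct, the function names and the hash sizes (32 bytes, then 64 after the rekey) are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the state in the CVE-2021-3634 description; not libssh code. */
struct kex_state {
    unsigned char *session_id;   /* set at the first key exchange, then kept */
    unsigned char *secret_hash;  /* replaced at every key exchange */
    size_t shared_len;           /* pre-fix design: one length for both buffers */
    size_t session_id_len;       /* hardened design: each buffer has its own length */
    size_t secret_hash_len;
};

/* One key exchange whose hash is hash_len bytes long. Returns 0 on success. */
static int kex_round(struct kex_state *s, size_t hash_len)
{
    unsigned char *h = calloc(1, hash_len);
    if (h == NULL) return -1;
    free(s->secret_hash);
    s->secret_hash = h;
    s->secret_hash_len = hash_len;
    s->shared_len = hash_len;          /* the shared variable follows the newest hash */
    if (s->session_id == NULL) {       /* first exchange: both buffers have the same size */
        s->session_id = calloc(1, hash_len);
        if (s->session_id == NULL) return -1;
        s->session_id_len = hash_len;
    }
    return 0;
}

/* Bytes past the session_id allocation that a wipe sized by shared_len would touch. */
static size_t shared_len_overrun(const struct kex_state *s)
{
    return s->shared_len > s->session_id_len ? s->shared_len - s->session_id_len : 0;
}

/* Hardened wipe, bounded by the buffer's own length. Returns the bytes cleared. */
static size_t wipe_session_id(struct kex_state *s)
{
    memset(s->session_id, 0, s->session_id_len);
    return s->session_id_len;
}

int main(void)
{
    struct kex_state s = {0};          /* constructed scenario: 32-byte hash, rekey to 64 */
    if (kex_round(&s, 32) != 0 || kex_round(&s, 64) != 0) return 1;
    int bad = shared_len_overrun(&s) != 32 || wipe_session_id(&s) != 32;
    free(s.session_id);
    free(s.secret_hash);
    return bad;                        /* 0 when the model behaves as described */
}
```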

CVE-ID: CVE-2023-1667
BDU-ID: 2023-03857
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the LibSSH client authentication library is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libssh command

CVE-ID: CVE-2023-2283
BDU-ID: 2023-05381
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the pki_verify_data_signature() function of the LibSSH client authentication library is related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions and gain unauthorized access to protected information.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libssh command

OS    OS Version  Architecture  Package  Package Version  Filename
ROSA  any         noarch        libssh   < 0.9.6          UNKNOWN
