[slackware-security] libssh

New libssh packages are available for Slackware 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libssh-0.10.5-i586-1slack15.0.txz: Upgraded. This update fixes security issues: A NULL dereference during rekeying with algorit...

Slackware Linux 14.2 / 15.0 / current libssh Multiple Vulnerabilities (SSA:2023-124-01)

The version of libssh installed on the remote host is prior to 0.10.5. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-124-01 advisory. - A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in...

PT-2023-4889 · Libssh +9 · Libssh +9

Name of the Vulnerable Software and Affected Versions: libssh versions 0.9.6 through 0.10.4 Description: A vulnerability in the pki verify data signature function of the libssh library for client authentication is related to shortcomings in the authentication procedure. This issue may allow a...

PT-2023-3584 · Libssh +10 · Libssh +10

Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified Description: A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. The vulnerability is relat...

Debian: Security Advisory (DLA-425-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K52868493: libssh vulnerability CVE-2018-10933

Security Advisory Description A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE-2018-10933 Impact There is no impact. F5 products...

K05295501: libssh vulnerability CVE-2020-1730

Security Advisory Description A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when...

K57255643: libssh vulnerability CVE-2016-0739

Security Advisory Description libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via...

SUSE CVE-2012-4559

Multiple double free vulnerabilities in the 1 agentsigndata function in agent.c, 2 channelrequest function in channels.c, 3 sshuserauthpubkey function in auth.c, 4 sftpparseattr3 function in sftp.c, and 5 trypublickeyfromfile function in keyfiles.c in libssh before 0.5.3 allow remote attackers to...

SUSE CVE-2012-4561

The 1 publickeymakedss, 2 publickeymakersa, 3 signaturefromstring, 4 sshdosign, and 5 sshsignsessionid functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service crash via unspecified vectors...

SUSE CVE-2012-4562

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service infinite loop or crash and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities...

SUSE CVE-2012-4560

Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via unspecified vectors...

SUSE CVE-2013-0176

The publickeyfromprivatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service NULL pointer dereference and crash via a "Client: Diffie-Hellman Key Exchange Init" packet...

SUSE CVE-2014-0017

The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...

SUSE CVE-2015-3146

The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...

SUSE CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

SUSE CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...

SUSE CVE-2020-16135

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if sshbuffernew returns NULL...

SUSE CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in libssh, caused by improper bounds checking.(CVE-2021-3634).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in libssh, caused by improper bounds checking CVE-2021-3634. Libssh, included in RedHat, is used in the base operating system by IBM Watson Speech. Please read the details for...