1844 matches found
curl: libssh backend CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 validation bypass
Summary: If libcurl is built against libssh, CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 is quietly ignored. As a result, an SSH connection will be established even if the SHA256 key set doesn't match. Steps To Reproduce: 1. configure libcurl with libssh and build it 2. curl --hostpubsha256 HOSTFINGERPRINTHERE...
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-38185 DESCRIPTION: GNU cpio could allow a remote attacker to execute arbitrary code on the system, caused by an integer...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2021-3634
Summary libssh is part of the base OS modules in all operand images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container is not directly vulnerable under standard operations, but custom use of the images may be vulnerable to arbitrary code execution...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from gzip, jackson-databind, libssh, gnutls, nettle and zlib
Summary Multiple issues were identified in Red Hat UBI ubi8/ubi-minimal v8.5-x packages gzip, libssh, gnutls, nettle, zlib and jackson-databind that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2021-3634 DESCRIPTION: libssh is...
Oracle Linux 8 : libssh (ELSA-2022-2031)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-2031 advisory. - Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism. Tenable has extracted the preceding description block...
Rocky Linux 8 : libssh (RLSA-2022:2031)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2031 advisory. - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them ...
new packages: libssh
An update is available for libssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.0...
libssh security, bug fix, and enhancement update
0.9.6-3 - Remove STI tests 0.9.6-2 - Remove bad patch causing errors - Adding BuildRequires for openssh SSHD support 0.9.6-1 - Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism - Rebase to version 0.9.6 - Rename SSHDEXECUTABLE to SSHEXECUTABL...
AlmaLinux 8 : libssh (ALSA-2022:2031)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2031 advisory. - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is...
RHEL 8 : libssh (RHSA-2022:2031)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2031 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been...
libssh: possible heap-based buffer overflow when rekeying
A flaw has been found in libssh. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new...
Low: Red Hat Security Advisory: libssh security, bug fix, and enhancement update
An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
ALSA-2022:2031 Low: libssh security, bug fix, and enhancement update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.6 (BZ1896651). Security Fixes: libssh: possible heap-based buffer overflow when rekeying (CVE-2021-3634)...
Low: libssh security, bug fix, and enhancement update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.6 (BZ1896651). Security Fixes: libssh: possible heap-based buffer overflow when rekeying (CVE-2021-3634)...
libssh security, bug fix, and enhancement update
An update is available for libssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. libssh is a library which implements the SSH protocol. It can be used to...
RLSA-2022:2031 Low: libssh security, bug fix, and enhancement update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.6 (BZ1896651). Security Fixes: libssh: possible heap-based buffer overflow when rekeying (CVE-2021-3634)...
CentOS 8 : libssh (CESA-2022:2031)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:2031 advisory. - libssh: possible heap-based buffer overflow when rekeying (CVE-2021-3634). Note that Nessus has not tested for this issue but has instead relied only on the...
Oracle MySQL Workbench < 8.0.29 (Jan 2022)
The version of Oracle MySQL Workbench installed on the remote Windows host is prior to 8.0.29. It is, therefore, affected by a vulnerability in the MySQL Workbench product of Oracle MySQL component: Workbench: libssh. Supported versions that are affected are 8.0.28 and prior. Easily exploitable...
Slackware: Security Advisory (SSA:2018-289-01)
The remote host is missing an update for the...
Slackware: Security Advisory (SSA:2016-057-01)
The remote host is missing an update for the...