libssh security, bug fix, and enhancement update

0.9.4-2 - Do not return error when server properly closed the channel 1849071 - Add a test for CVE-2019-14889 - Do not parse configuration file in tortureknownhosts test 0.9.4-1 - Update to version 0.9.4 https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ - Fixed...

libssh: unsanitized location in scp could lead to unwanted command execution

A flaw was found with the libssh API function sshscpnew. A user able to connect to a server using SCP could execute arbitrary command using a user-provided path, leading to a compromise of the remote target...

libssh: denial of service when handling AES-CTR (or DES) ciphers

A flaw was found in the way libssh handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system...

Moderate: Red Hat Security Advisory: libssh security, bug fix, and enhancement update

An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 8 : libssh (RHSA-2020:4545)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4545 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages ha...

RLSA-2020:4545 Moderate: libssh security, bug fix, and enhancement update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.4. BZ1804797 Security Fixes: libssh: denial of service when handling AES-CTR or DES ciphers...

Moderate: libssh security, bug fix, and enhancement update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.4. BZ1804797 Security Fixes: libssh: denial of service when handling AES-CTR or DES ciphers...

libssh security, bug fix, and enhancement update

An update is available for libssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...

libssh: Denial of service

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description libssh was found to have a NULL pointer dereference in tftpserver.c if the function sshbuffernew returns NULL. Impact An attacker could cause a possible Denial of Service conditio...

GLSA-202011-05 : libssh: Denial of service

The remote host is affected by the vulnerability described in GLSA-202011-05 libssh: Denial of service libssh was found to have a NULL pointer dereference in tftpserver.c if the function sshbuffernew returns NULL. Impact : An attacker could cause a possible Denial of Service condition. Workaround...

Fedora: Security Advisory for libssh (FEDORA-2020-ac3e29073f)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 33 Update: libssh-0.9.5-1.fc33

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

Fedora: Security Advisory for libssh (FEDORA-2020-f4f5e49cb8)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : libssh (2020-f4f5e49cb8)

Update to version 0.9.5 - https://www.libssh.org/2020/09/10/libssh-0-9-5/ - Fixes CVE-2020-16135 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

Denial Of Service (DoS)

libssh is vulnerable to denial of service. A NULL pointer dereference occurs in tftpserver.c when sshbuffernew returns NULL, resulting in a denial of service condition...

Updated libssh packages fix security vulnerability

The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service CVE-2020-16135...

MGASA-2020-0324 Updated libssh packages fix security vulnerability

The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service CVE-2020-16135...

Denial Of Service (DoS)

libssh is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : libssh vulnerability (USN-4447-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4447-1 advisory. It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...

Ubuntu: Security Advisory (USN-4447-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...