[slackware-security] libssh

New libssh packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libssh-0.7.6-i586-1slack14.2.txz: Upgraded. Fixed authentication bypass vulnerability. For more information, see:...

DSA-4322-1 libssh - security update

Bulletin has no description...

Security fix for the ALT Linux 9 package libssh version 0.8.4-alt1

Oct. 17, 2018 Sergey V Turchin 0.8.4-alt1 - new version - security fix: CVE-2018-10933...

Security fix for the ALT Linux 8 package libssh version 0.8.4-alt2

Oct. 17, 2018 Sergey V Turchin 0.8.4-alt2 - fix changelog - security fixes: CVE-2018-10933...

Security fix for the ALT Linux 9 package libssh version 0.8.4-alt2

Oct. 17, 2018 Sergey V Turchin 0.8.4-alt2 - fix changelog - security fixes: CVE-2018-10933...

libssh 0.6.x / 0.7.x < 0.7.6 / 0.8.x < 0.8.4 Authentication Bypass (Remote Version Check)

According to its banner version, the remote libssh based server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting a SSH2MSGUSERAUTHSUCCESS message in place of the SSH2MSGUSERAUTHREQUEST method that normally would initiate authentication. Note that Ness...

libssh SSH Server Detection (SSH Banner)

SSH banner-based detection of a SSH server using libssh. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security fix for the ALT Linux 8 package libssh version 0.8.4-alt1

Oct. 17, 2018 Sergey V Turchin 0.8.4-alt1 - new version - security fix: CVE-2018-10933...

[ASA-201810-10] libssh: authentication bypass

Arch Linux Security Advisory ASA-201810-10 ========================================== Severity: Critical Date : 2018-10-17 CVE-ID : CVE-2018-10933 Package : libssh Type : authentication bypass Remote : Yes Link : https://security.archlinux.org/AVG-780 Summary ======= The package libssh before...

SSH Protocol Authentication Bypass (Remote Exploit Check)

The remote ssh server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting SSH2MSGUSERAUTHSUCCESS message in place of the SSH2MSGUSERAUTHREQUEST method that normally would initiate authentication. Note: This vulnerability was disclosed in a libssh advisor...

Slackware 14.0 / 14.1 / 14.2 / current : libssh (SSA:2018-289-01)

New libssh packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-289-01. The text itself is copyright C Slackware...

libssh Server 'CVE-2018-10933' Authentication Bypass Vulnerability

The remote SSH server is using libssh which is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

SUSE-SU-2018:3162-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2018-10933: Fixed a server mode authentication bypass bsc1108020...

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

UBUNTU-CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

libssh -- authentication bypass vulnerability

gladiac reports: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2MSGUSERAUTHSUCCESS message in place of the SSH2MSGUSERAUTHREQUEST message which the server would expect to initiate authentication, the attacker could...

Debian: Security Advisory (DSA-4322-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libssh/libssh_server_fuzzer: Stack-buffer-overflow in ssh_buffer_unpack_va

Project: https://git.libssh.org/projects/libssh.git Detailed report: https://oss-fuzz.com/testcase?key=5766380100517888 Project: libssh Fuzzer: libFuzzerlibsshserverfuzzer Fuzz target binary: libsshserverfuzzer Job Type: libfuzzerasanlibssh Platform Id: linux Crash Type: Stack-buffer-overflow REA...

Security fix for the ALT Linux 9 package libssh version 0.7.5-alt1

Aug. 8, 2017 Sergey V Turchin 0.7.5-alt1 - new version - security fix: CVE-2016-0739...