30 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to a Rogue Session Attack and Rogue Extension Negotiation in python-asyncssh (CVE-2023-46446, CVE-2023-46445)
Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-46446, CVE-2023-46445 Vulnerability Details CVEID:CVE-2023-46446 DESCRIPTION: An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Integrity Check Value in python-asyncssh (CVE-2023-48795)
Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-48795 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
python-asyncssh: Rogue Session Attack
A flaw was found in python-asyncssh versions before 2.14.1, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiali...
Ubuntu: Security Advisory (USN-7108-2)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Ubuntu: Security Advisory (USN-7108-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-7051-1)
The remote host is missing an update for the...
USN-7051-1 python-asyncssh vulnerability
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...
Debian: Security Advisory (DLA-3899-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3899-1] python-asyncssh security update
Debian LTS Advisory DLA-3899-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 27, 2024 https://wiki.debian.org/LTS Package : python-asyncssh Version : 2.5.0-0.1+deb11u1 CVE ID : CVE-2023-46445 CVE-2023-46446 CVE-2023-48795 Debian Bug : 1055999 1056000...
DLA-3899-1 python-asyncssh - security update
Bulletin has no description...
Debian dla-3899 : python-asyncssh-doc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3899 advisory. Debian LTS Advisory DLA-3899-1 [email protected]...
Fedora: Security Advisory (FEDORA-2023-a3af7820e8)
The remote host is missing an update for the...
Debian: Security Advisory (DSA-5750-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 5750-1] python-asyncssh security update
Debian Security Advisory DSA-5750-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 18, 2024 https://www.debian.org/security/faq -...
DSA-5750-1 python-asyncssh - security update
Bulletin has no description...
Debian dsa-5750 : python-asyncssh-doc - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5750 advisory. Debian Security Advisory DSA-5750-1 [email protected] https://www.debian.org/security/ Moritz...
Fedora 40 : python-asyncssh (2023-a3af7820e8)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a3af7820e8 advisory. Automatic update for python-asyncssh-2.14.2-1.fc40. Changelog Thu Dec 21 2023 Georg Sauthoff - 2.14.2-1 - Update to latest upstream version fixes fedora22550...
K000138576: Python-asyncssh vulnerability CVE-2023-46445
Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." CVE-2023-46445 Impact There is no impact; F5 products are not affected by this vulnerability...
[SECURITY] [DLA 3730-1] python-asyncssh security update
Debian LTS Advisory DLA-3730-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert February 01, 2024 https://wiki.debian.org/LTS Package : python-asyncssh Version : 1.12.2-1+deb10u1 CVE...
DLA-3730-1 python-asyncssh - security update
Bulletin has no description...