Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Warning: Undefined array key "Description" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 220

Fedora 22: 2015-10962 Moderate: libssh SSH Protocol Fix

fedora
Calendar Grey July 14, 2015
Dist Fedora Esm H88
Announcement regarding libssh update on Fedora 22 targeting CVE-2015-3146. This release includes critical patches and corrections for multiple vulnerabilities.
Update to version 0.7.1 Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310) Update to version 0.7.0 Security fix for CVE-2015-3146

Summary

The ssh library was designed to be used by programmers needing a working SSH

implementation by the mean of a library. The complete control of the client is

made by the programmer. With libssh, you can remotely execute programs, transfer

files, use a secure and transparent tunnel for your remote programs. With its

Secure FTP implementation, you can play with remote files easily, without

third-party programs others than libcrypto (from openssl).

Update Information:

Update to version 0.7.1 Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310)

Update to version 0.7.0 Security fix for CVE-2015-3146

Topics%20covered

Topics Covered

security advisory moderate update Fedora bug fix SSH protocol libssh

Change Log

* Tue Jun 30 2015 Andreas Schneider - 0.7.1-1 - Update to version 0.7.1 * Fixed SSH_AUTH_PARTIAL auth with auto public key * Fixed memory leak in session options * Fixed allocation of ed25519 public keys * Fixed channel exit-status and exit-signal * Reintroduce ssh_forward_listen() - resolves: #1223964 - Fix channel exit status. * Thu May 21 2015 Orion Poplawski - 0.7.0-2 - Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310) * Mon May 11 2015 Andreas Schneider - 0.7.0-1 - Update to version 0.7.0 * Added support for ed25519 keys * Added SHA2 algorithms for HMAC * Added improved and more secure buffer handling code * Added callback for auth_none_function * Added support for ECDSA private key signing * Added more tests * Fixed a lot of bugs * Improved API documentation * Thu Apr 30 2015 Andreas Schneider - 0.6.5-1 - resolves: #1213775 - Security fix for CVE-2015-3146 - resolves: #1218076 - Security fix for CVE-2015-3146

References


[ 1 ] Bug #1213775 - CVE-2015-3146 libssh: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets https://bugzilla.redhat.com/show_bug.cgi?id=1213775

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update libssh' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: libssh
Product: Fedora 22
Version: 0.7.1
Release: 1.fc22
URL: Summary : A library implementing the SSH protocol

Topics%20covered

Topics Covered

security advisory moderate update Fedora bug fix SSH protocol libssh

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here