Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Fedora 28: FEDORA-2018-c08cd808d3 Critical: libssh Authentication Bypass

fedora
Calendar Grey October 20, 2018
Dist Fedora Esm H88
Urgent security patch for Fedora 28 involving libssh addresses significant authentication flaws present in version 0.8.4.
Update to version 0.8.4 to address CVE-2018-10933

Summary

The ssh library was designed to be used by programmers needing a working SSH

implementation by the mean of a library. The complete control of the client is

made by the programmer. With libssh, you can remotely execute programs, transfer

files, use a secure and transparent tunnel for your remote programs. With its

Secure FTP implementation, you can play with remote files easily, without

third-party programs others than libcrypto (from openssl).

Update to version 0.8.4 to address CVE-2018-10933

* Tue Oct 16 2018 Andreas Schneider - 0.8.4-1

- Update to version 0.8.4

- Fixes CVE-2018-10933

* Mon Oct 1 2018 Anderson Sasaki - 0.8.3-3

- Fixed errors found by static code analysis

* Tue Sep 25 2018 Anderson Sasaki - 0.8.3-2

- Add missing libssh_threads.so link to libssh-devel package

* Fri Sep 21 2018 Andreas Schneider - 0.8.3-1

- Update to version 0.8.3

* Thu Aug 30 2018 Andreas Schneider - 0.8.2-1

- Update to version 0.8.2

* Thu Aug 16 2018 Andreas Schneider - 0.8.1-4

- Fix link creation or RPM doesn't install it

* Wed Aug 15 2018 Andreas Schneider - 0.8.1-3

- Add missing so version for libssh_threads.so.4

* Tue Aug 14 2018 Andreas Schneider - 0.8.1-2

- Add Provides for libssh_threads.so to unbreak applications

* Mon Aug 13 2018 Andreas Schneider - 0.8.1-1

- Update to version 0.8.1

- resolves: #1615248 - pkg-config --modversion

- resolves: #1615132 - library initialization

* Fri Aug 10 2018 Andreas Schneider - 0.8.0-1

- Update to version 0.8.0

* Wed Mar 7 2018 Rex Dieter - 0.7.5-8

- BR: gcc-c++, use %make_build

[ 1 ] Bug #1639925 - CVE-2018-10933 libssh: Authentication Bypass due to improper message callbacks implementation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1639925

su -c 'dnf upgrade --advisory FEDORA-2018-c08cd808d3' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora critical update security patch authentication issue CVE fix libssh

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 0.8.4
Release: 1.fc28
URL: Summary : A library implementing the SSH protocol

Topics%20covered

Topics Covered

security advisory Fedora critical update security patch authentication issue CVE fix libssh

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here