Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 33: FEDORA-2021-f2a020a065 Critical: libssh Buffer Overflow

fedora
Calendar Grey October 7, 2021
Dist Fedora Esm H88
Update of libssh to mitigate buffer overflow vulnerabilities in Fedora 33. Ensure your system remains fortified with the newest patches.
Rebase to libssh-0.9.6 Fix CVE-2021-3634

Summary

The ssh library was designed to be used by programmers needing a working SSH

implementation by the mean of a library. The complete control of the client is

made by the programmer. With libssh, you can remotely execute programs, transfer

files, use a secure and transparent tunnel for your remote programs. With its

Secure FTP implementation, you can play with remote files easily, without

third-party programs others than libcrypto (from openssl).

Rebase to libssh-0.9.6 Fix CVE-2021-3634

* Mon Sep 13 2021 Norbert Pocs - 0.9.6-1

- Fix CVE-CVE-2021-3634 libssh: possible heap-based buffer

overflow when rekeying

- Resolves: rhbz#1994600

* Thu Jul 22 2021 Fedora Release Engineering - 0.9.5-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Tue Jan 26 2021 Fedora Release Engineering - 0.9.5-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[ 1 ] Bug #1998135 - CVE-2021-3634 libssh: possible heap-based buffer overflow when rekeying [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1998135

[ 2 ] Bug #1998163 - libssh-0.9.6 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1998163

su -c 'dnf upgrade --advisory FEDORA-2021-f2a020a065' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora software patch libssh

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 0.9.6
Release: 1.fc33
URL: Summary : A library implementing the SSH protocol

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora software patch libssh

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here