Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

Fedora 37: FEDORA-2023-5fa5ca2043 Moderate: Libssh Authorization Bypass

fedora
Calendar Grey May 28, 2023
Dist Fedora Esm H88
OpenSSL has been updated to version 3.0.6 addressing critical issues such as memory leak and certificate validation flaws.
Update to 0.10.5 (CVE-2023-1667 CVE-2023-2283)

Summary

The ssh library was designed to be used by programmers needing a working SSH

implementation by the mean of a library. The complete control of the client is

made by the programmer. With libssh, you can remotely execute programs, transfer

files, use a secure and transparent tunnel for your remote programs. With its

Secure FTP implementation, you can play with remote files easily, without

third-party programs others than libcrypto (from openssl).

Update to 0.10.5 (CVE-2023-1667 CVE-2023-2283)

* Fri May 5 2023 Orion Poplawski - 0.10.5-1

- Update to 0.10.5 (CVE-2023-1667 CVE-2023-2283)

- Have libssh-devel require cmake-filesystem

[ 1 ] Bug #2182199 - CVE-2023-1667 libssh: NULL pointer dereference during rekeying with algorithm guessing

https://bugzilla.redhat.com/show_bug.cgi?id=2182199

[ 2 ] Bug #2189736 - CVE-2023-2283 libssh: authorization bypass in pki_verify_data_signature

https://bugzilla.redhat.com/show_bug.cgi?id=2189736

su -c 'dnf upgrade --advisory FEDORA-2023-5fa5ca2043' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Change Log

References

Update Instructions

Product: Fedora 37
Version: 0.10.5
Release: 1.fc37
URL: Summary : A library implementing the SSH protocol

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.