
Fedora 38: 2023-55800423a8 moderate: libssh hostname parsing issue

January 10, 2024
The latest update for Fedora 38's libssh addresses significant security flaws and rectifies major issues. Further information can be found within.
Fix regression in IPv6 hostnames parsing ---- New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)

Summary

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, and use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs other than libcrypto (from openssl).

Update Information:

Fix regression in IPv6 hostnames parsing ---- New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)

Change Log

* Fri Dec 22 2023 Jakub Jelen - 0.10.6-2
- Fix regression in IPv6 hostnames parsing
* Mon Dec 18 2023 Jakub Jelen - 0.10.6-1
- New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)
* Thu Jul 20 2023 Fedora Release Engineering - 0.10.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2251110 - CVE-2023-6004 libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
https://bugzilla.redhat.com/show_bug.cgi?id=2251110
[ 2 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
[ 3 ] Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values for digests
https://bugzilla.redhat.com/show_bug.cgi?id=2254997

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-55800423a8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
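
To confirm the upgrade took effect, the following added example (not part of the Fedora advisory) classifies a libssh VERSION-RELEASE string against the builds listed in the change log. The function names are hypothetical, and `sort -V` from GNU coreutils is assumed as an approximation of rpm's own version comparison.

```shell
#!/bin/sh
# Added example, not from the advisory: compare a libssh build against
# the releases named in the change log (0.10.6-1 and 0.10.6-2).

# ver_ge A B: succeeds when A >= B under `sort -V` ordering.
# Assumption: GNU sort; adequate for these simple version strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_libssh VERSION-RELEASE prints one of:
#   current         >= 0.10.6-2 (CVE fixes and the IPv6 hostname parsing fix)
#   cve-fixed-only  0.10.6-1 (CVE fixes, predates the IPv6 parsing fix)
#   outdated        anything older (e.g. 0.10.5-2)
classify_libssh() {
    vr=${1%%.fc*}                       # drop the dist tag, e.g. ".fc38"
    if ver_ge "$vr" "0.10.6-2"; then
        echo current
    elif ver_ge "$vr" "0.10.6-1"; then
        echo cve-fixed-only
    else
        echo outdated
    fi
}

# check_installed: classify the libssh package on this host.
# Returns 2 when rpm is missing or libssh is not installed.
check_installed() {
    command -v rpm >/dev/null 2>&1 || return 2
    out=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' libssh 2>/dev/null) || return 2
    # With several architectures installed, rpm prints one line each.
    classify_libssh "$(printf '%s\n' "$out" | head -n 1)"
}

# Constructed sample inputs taken from the change log entries above.
for sample in 0.10.5-2.fc38 0.10.6-1.fc38 0.10.6-2.fc38; do
    printf '%s -> %s\n' "$sample" "$(classify_libssh "$sample")"
done
```

On a Fedora 38 host, call `check_installed` after running the `dnf upgrade` command; anything other than `current` means the advisory has not been fully applied.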

Name: libssh
Product: Fedora 38
Version: 0.10.6
Release: 2.fc38
URL:
Summary: A library implementing the SSH protocol
