
Fedora 39: FEDORA-2023-0733306be9 critical: libssh remote execution breach

fedora
December 22, 2023
New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)

Summary

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, and use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs other than libcrypto (from openssl).

Update Information:

New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)

Change Log

* Mon Dec 18 2023 Jakub Jelen - 0.10.6-1 - New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)

References


[ 1 ] Bug #2251110 - CVE-2023-6004 libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname https://bugzilla.redhat.com/show_bug.cgi?id=2251110

[ 2 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP) https://bugzilla.redhat.com/show_bug.cgi?id=2254210

[ 3 ] Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values for digests https://bugzilla.redhat.com/show_bug.cgi?id=2254997

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-0733306be9' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
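A follow-up check for after the update, as an added example that is not part of the Fedora advisory: it flags hosts whose libssh build is older than the fixed 0.10.6-1.fc39 named in the package fields of this page. The host names and inventory lines are constructed, the function names are hypothetical, and `sort -V` (GNU coreutils) is assumed to be a close enough approximation of RPM version ordering for these build strings.

```shell
#!/bin/sh
# Added example: find hosts still running a libssh build older than the
# fixed one from this advisory (Version 0.10.6, Release 1.fc39).
FIXED_EVR="0.10.6-1.fc39"

# Return 0 if the given version-release is at least FIXED_EVR.
# Assumption: sort -V ordering matches RPM ordering for these strings.
libssh_is_fixed() {
    _evr="$1"
    _lowest=$(printf '%s\n%s\n' "$FIXED_EVR" "$_evr" | sort -V | head -n1)
    [ "$_lowest" = "$FIXED_EVR" ]
}

# Read "host version-release" lines on stdin and print every host that
# still needs the update.
vulnerable_hosts() {
    while read -r _host _hevr; do
        [ -n "$_host" ] || continue
        libssh_is_fixed "$_hevr" || printf '%s\n' "$_host"
    done
}

# Constructed inventory. On a real host the version-release string can be
# collected with: rpm -q --qf '%{VERSION}-%{RELEASE}\n' libssh
SAMPLE_INVENTORY='web01 0.10.5-2.fc39
db01 0.10.6-1.fc39
build01 0.10.4-5.fc39
jump01 0.10.6-2.fc39'

printf '%s\n' "$SAMPLE_INVENTORY" | vulnerable_hosts
```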

Severity
critical

Name: libssh
Product: Fedora 39
Version: 0.10.6
Release: 1.fc39
URL:
Summary: A library implementing the SSH protocol
