Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 39: FEDORA-2023-e77300e4b5 moderate: Python AsyncSSH prefix attack

fedora
Calendar Grey December 30, 2023
Dist Fedora Esm H88
This release addresses CVE-2023-48795 in python-asyncssh to counter a flaw concerning the cutting of prefixes.
Security fix for CVE-2023-48795

Summary

Python 3 library for asynchronous client and

server-side SSH communication. It uses the Python asyncio module and

implements many SSH protocol features such as the various channels,

SFTP, SCP, forwarding, session multiplexing over a connection and more.

Update Information:

Security fix for CVE-2023-48795

Topics%20covered

Topics Covered

security advisory software update Fedora Python library truncation prefix attack

Change Log

* Thu Dec 21 2023 Georg Sauthoff - 2.14.2-1 - Update to latest upstream version (fixes fedora#2255038) - Fix CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (fixes fedora#2254210)

References


[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP) https://bugzilla.redhat.com/show_bug.cgi?id=2254210

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-e77300e4b5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: python-asyncssh
Product: Fedora 39
Version: 2.14.2
Release: 1.fc39
URL: https://github.com/ronf/asyncssh
Summary: Asynchronous SSH for Python

Topics%20covered

Topics Covered

security advisory software update Fedora Python library truncation prefix attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here