
Fedora 41: libssh2 2025-9cee4b3ac0 Security Advisory Updates

fedora
March 17, 2025
Libssh2 updates for Fedora 41 address important security issues including prefix truncation and missing digest checks.

Summary

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10).

Update Information:

This update, to the current upstream libssh2 release, addresses a couple of security issues:

- CVE-2023-6918 (missing checks for return values for digests)
- CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

Change Log

* Wed Oct 16 2024 Paul Howarth - 1.11.1-1
- Update to 1.11.1 (rhbz#2319104)
- This is an enhancement and bugfix release - see RELEASE_NOTES for details
- Note also that various algorithms are now deprecated and not built by default, which affects this package

References


[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210

[ 2 ] Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values for digests
https://bugzilla.redhat.com/show_bug.cgi?id=2254997

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-9cee4b3ac0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: libssh2
Product: Fedora 41
Version: 1.11.1
Release: 1.fc41
Summary: A library implementing the SSH2 protocol
