Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 18.10, 18.04, 16.04, 14.04 USN-3795-3 Moderate Libssh Issue

ubuntu
Calendar Grey November 29, 2018
Dist Ubuntu Esm H88
Critical vulnerability patched in Libssh to boost system security. Users of Ubuntu are recommended to install updates to mitigate risks from potential authentication bypass.
USN-3795-1 and USN-3795-2 introduced a regression in libssh.

Summary

USN-3795-1 and USN-3795-2 introduced a regression in libssh.

Software Description:

- libssh: A tiny C SSH library

Details:

USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream

fix introduced a regression. This update fixes the problem.

Original advisory details:

Peter Winter-Smith discovered that libssh incorrectly handled

authentication when being used as a server. A remote attacker could use

this issue to bypass authentication without any credentials.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  libssh-4                        0.8.1-1ubuntu0.3

Ubuntu 18.04 LTS:
  libssh-4                        0.8.0~20170825.94fa1e38-1ubuntu0.2

Ubuntu 16.04 LTS:
  libssh-4                        0.6.3-4.3ubuntu0.2

Ubuntu 14.04 LTS:
  libssh-4                        0.6.1-0ubuntu3.5

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3795-1

https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348

November 29, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here