Alerts This Week
Warning Icon 1 1,139
Alerts This Week
Warning Icon 1 1,139

Ubuntu: 4327-1 Critical: libssh Denial Of Service Attack

ubuntu
Calendar Grey April 9, 2020
Dist Ubuntu Esm H88
Linux users must be vigilant as vulnerabilities in libssh can cause crashes with specially crafted network packets. Updating to secure versions is crucial
libssh could be made to crash if it received specially crafted network traffic.

Summary

libssh could be made to crash if it received specially crafted network

traffic.

Software Description:

- libssh: A tiny C SSH library

Details:

Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A

remote attacker could possibly use this issue to cause libssh to crash,

resulting in a denial of service.

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu network attack libssh

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  libssh-4                        0.9.0-1ubuntu1.4

Ubuntu 18.04 LTS:
  libssh-4                        0.8.0~20170825.94fa1e38-1ubuntu0.6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4327-1

CVE-2020-1730

Severity
critical
Lowest
Low
Medium
High
Critical

April 09, 2020

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu network attack libssh

Package Information

https://launchpad.net/ubuntu/+source/libssh/0.9.0-1ubuntu1.4
https://launchpad.net/ubuntu/+source/libssh/0.8.0~20170825.94fa1e38-1ubuntu0.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here