Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 23.10 USN-6585-1 critical: libssh2 information exposure

ubuntu
Calendar Grey January 15, 2024
Dist Ubuntu Esm H88
Address the libssh2 security risk on Ubuntu 23.10 by implementing these critical protective measures and protocols.
libssh2 could be made to expose sensitive information over the network.

Summary

libssh2 could be made to expose sensitive information over the network.

Software Description:

- libssh2: Client-side C library implementing the SSH2 protocol

Details:

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH

protocol was vulnerable to a prefix truncation attack. If a remote attacker

was able to intercept SSH communications, extension negotiation messages

could be truncated, possibly leading to certain algorithms and features

being downgraded. This issue is known as the Terrapin attack. This update

adds protocol extensions to mitigate this issue.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   libssh2-1                       1.11.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6585-1

CVE-2023-48795

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6585-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.