Stay Secure with the Latest Linux Advisories

security advisoryupdateFedora

Fedora 41: libssh2 2025-9cee4b3ac0 Security Advisory Updates

This update, to the current upstream libssh2 release, addresses a couple of security issues: CVE-2023-6918 (missing checks for return values for digests) CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin"). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-9cee4b3ac0 2025-03-17 01:37:24.408122+00:00 -------------------------------------------------------------------------------- Name : libssh2 Product : Fedora 41 Version : 1.11.1 Release : 1.fc41 URL : https://libssh2.org/ Summary : A library implementing the SSH2 protocol Description : libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). -------------------------------------------------------------------------------- Update Information: This update, to the current upstream libssh2 release, addresses a couple of security issues: CVE-2023-6918 (missing checks for return values for digests) CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin") It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details. In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 16 2024 Paul Howarth - 1.11.1-1 - Update to 1.11.1 (rhbz#2319104) - This is an enhancement and bugfix release - see RELEASE_NOTES for details - Note also that various algorithms are now deprecated and not built by default, which affects thispackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP) https://bugzilla.redhat.com/show_bug.cgi?id=2254210 [ 2 ] Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values for digests https://bugzilla.redhat.com/show_bug.cgi?id=2254997 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-9cee4b3ac0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Libssh2 updates for Fedora 41 address important security issues including prefix truncation and missing digest checks.. update, current, upstream, libssh2, release, addresses, couple, security, cve-202. . Severity: Important. LinuxSecurity.com Team

Mar 17, 2025 •Important Fedora