--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9cee4b3ac0
2025-03-17 01:37:24.408122+00:00
--------------------------------------------------------------------------------

Name        : libssh2
Product     : Fedora 41
Version     : 1.11.1
Release     : 1.fc41
URL         : https://libssh2.org/
Summary     : A library implementing the SSH2 protocol
Description :
libssh2 is a library implementing the SSH2 protocol as defined by Internet
Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23),
SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10).
--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream libssh2 release, addresses a couple of
security issues:

CVE-2023-6918 (missing checks for return values for digests)
CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

It also removes support for a number of legacy algorithms that were disabled by
default or removed from OpenSSH in the 2015-2018 time period. See the
RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again
are described in the RELEASE_NOTES file.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 16 2024 Paul Howarth - 1.11.1-1
- Update to 1.11.1 (rhbz#2319104)
- This is an enhancement and bugfix release - see RELEASE_NOTES for details
- Note also that various algorithms are now deprecated and not built by
  default, which affects this package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
        https://bugzilla.redhat.com/show_bug.cgi?id=2254210
  [ 2 ] Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values for digests
        https://bugzilla.redhat.com/show_bug.cgi?id=2254997
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9cee4b3ac0' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --
MGASA-2024-0034 - Updated filezilla packages fix a security vulnerability ("Terrapin attack")

Publication date: 10 Feb 2024
URL: https://advisories.mageia.org/MGASA-2024-0034.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-48795

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH
protocol used in FileZilla is prone to a prefix truncation attack, known as the
"Terrapin attack". A remote attacker could use this issue to downgrade or
disable some security features and obtain sensitive information.
This update fixes the issue.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32748
- https://ubuntu.com/security/notices/USN-6589-1
- https://www.cve.org/CVERecord?id=CVE-2023-48795

SRPMS:
- 9/core/filezilla-3.66.4-1.mga9

LinuxSecurity.com Team
# Security update for bouncycastle, jsch

Announcement ID: SUSE-SU-2024:0327-1
Rating: important
References:

* bsc#1218134

Cross-References:

* CVE-2023-48795

CVSS scores:

* CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-48795 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for bouncycastle, jsch fixes the following issues:

* Updated jsch to version 0.2.15:
  * CVE-2023-48795: Fixed a prefix truncation issue that could lead to disclosure of sensitive information (bsc#1218134).
* Updated bouncycastle to version 1.77.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-327=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-327=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-327=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-327=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-327=1
* SUSE Manager Server 4.3 Module 4.3
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-327=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-327=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-327=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-327=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-327=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-327=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-327=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-327=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-327=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-327=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Enterprise Storage 7.1 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* openSUSE Leap 15.5 (noarch)
  * bouncycastle-mail-1.77-150200.3.24.1
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-tls-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-jmail-1.77-150200.3.24.1
  * bouncycastle-javadoc-1.77-150200.3.24.1
  * jsch-javadoc-0.2.15-150200.11.13.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
  * jsch-demo-0.2.15-150200.11.13.1
* Development Tools Module 15-SP5 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Manager Server 4.3 Module 4.3 (noarch)
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * bouncycastle-1.77-150200.3.24.1
  * bouncycastle-util-1.77-150200.3.24.1
  * bouncycastle-pkix-1.77-150200.3.24.1
  * bouncycastle-pg-1.77-150200.3.24.1
  * jsch-0.2.15-150200.11.13.1

## References:

* https://www.suse.com/security/cve/CVE-2023-48795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218134

Severity: Important. LinuxSecurity.com Team
MGASA-2024-0015 - Updated erlang packages fix a security vulnerability (Terrapin Attack)

Publication date: 19 Jan 2024
URL: https://advisories.mageia.org/MGASA-2024-0015.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-48795

The updated packages fix a security vulnerability:
Prefix Truncation Attacks in SSH Specification (Terrapin Attack): erlang-ssh. (CVE-2023-48795)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32670
- https://www.openwall.com/lists/oss-security/2023/12/18/3
- https://www.openwall.com/lists/oss-security/2023/12/19/5
- https://www.openwall.com/lists/oss-security/2023/12/20/3
- https://www.cve.org/CVERecord?id=CVE-2023-48795

SRPMS:
- 9/core/erlang-24.3.4.15-1.mga9

Severity: Critical. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7b08207cdb
2024-01-18 01:45:03.774742
--------------------------------------------------------------------------------

Name        : golang-x-crypto
Product     : Fedora 39
Version     : 0.18.0
Release     : 1.fc39
URL         : https://github.com/golang/crypto
Summary     : Go supplementary cryptography libraries
Description :
Go supplementary cryptography libraries.
--------------------------------------------------------------------------------
Update Information:

Update golang-x-crypto to v0.18.0, fix for CVE-2023-48795
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 9 2024 Mark E. Fuller - 0.18.0-1
- update to v0.18.0, close rhbz#2255095
- CVE-2023-48795 golang-x-crypto: ssh: Prefix truncation attack on Binary Packet Protocol
* Tue Dec 19 2023 Mark E. Fuller - 0.17.0-1
- update to v0.17.0, close rhbz#2255153
* Tue Nov 28 2023 Mark E. Fuller - 0.16.0-1
- update to v0.16.0, close rhbz#2251962
* Mon Nov 20 2023 Mark E. Fuller - 0.15.0-1
- update to 0.15.0, close rhbz#2248796
* Mon Oct 9 2023 Mark E. Fuller - 0.14.0-1
- update to v0.14.0, close rhbz#2242424
* Wed Sep 6 2023 Mark E. Fuller - 0.13.0-1
- update to v0.13.0, close rhbz#2237488
* Sat Aug 12 2023 Mark E. Fuller - 0.12.0-1
- update to v0.12.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
        https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7b08207cdb' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --
==========================================================================
Ubuntu Security Notice USN-6585-1
January 15, 2024

libssh2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

libssh2 could be made to expose sensitive information over the network.

Software Description:
- libssh2: Client-side C library implementing the SSH2 protocol

Details:

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  libssh2-1                       1.11.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6585-1
  CVE-2023-48795

Package Information:

Severity: Critical. LinuxSecurity.com Team
# Security update for python-paramiko

Announcement ID: SUSE-SU-2024:0035-1
Rating: important
References:

* bsc#1218168

Cross-References:

* CVE-2023-48795

CVSS scores:

* CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-48795 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-paramiko fixes the following issues:

* CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218168).
* Update to 3.4.0.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-35=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-35=1
* Python 3 Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-35=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-35=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-35=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-35=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-35=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-35=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python311-paramiko-3.4.0-150400.13.6.1
  * python-paramiko-doc-3.4.0-150400.13.6.1
* openSUSE Leap 15.5 (noarch)
  * python311-paramiko-3.4.0-150400.13.6.1
  * python-paramiko-doc-3.4.0-150400.13.6.1
* Python 3 Module 15-SP5 (noarch)
  * python311-paramiko-3.4.0-150400.13.6.1
  * python-paramiko-doc-3.4.0-150400.13.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * python311-paramiko-3.4.0-150400.13.6.1
  * python-paramiko-doc-3.4.0-150400.13.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * python311-paramiko-3.4.0-150400.13.6.1
  * python-paramiko-doc-3.4.0-150400.13.6.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
  * python311-paramiko-3.4.0-150400.13.6.1
  * python-paramiko-doc-3.4.0-150400.13.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
  * python311-paramiko-3.4.0-150400.13.6.1
  * python-paramiko-doc-3.4.0-150400.13.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * python311-paramiko-3.4.0-150400.13.6.1
  * python-paramiko-doc-3.4.0-150400.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-48795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218168

Severity: Important. LinuxSecurity.com Team
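Each of the rpm-based advisories above (Fedora libssh2 and golang-x-crypto, SUSE jsch and python-paramiko) names the version-release that carries the CVE-2023-48795 fix. The following is an added example, not code from any vendor or project: it implements the core rpmvercmp segment rules and checks a constructed package inventory against those fixed versions, so a defender can tell "still vulnerable" from "patched" without relying on string equality. It assumes no epoch and no tilde/caret in the versions, which holds for the versions quoted on this page; the Ubuntu advisory uses Debian versioning and is not covered.

```python
import re
from typing import List, Tuple

# Fixed version-release strings as stated in the advisories above.
# Constructed lookup table for this example; epoch is not modelled.
FIXED = {
    "libssh2": "1.11.1-1.fc41",                   # FEDORA-2025-9cee4b3ac0
    "golang-x-crypto": "0.18.0-1.fc39",           # FEDORA-2024-7b08207cdb
    "jsch": "0.2.15-150200.11.13.1",              # SUSE-SU-2024:0327-1
    "python311-paramiko": "3.4.0-150400.13.6.1",  # SUSE-SU-2024:0035-1
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Core rpmvercmp rules: split into digit and alpha runs (separators
    only delimit), numeric runs compare numerically (leading zeros are
    ignored), alpha runs compare lexically, a numeric run is newer than an
    alpha run, and when one side runs out of segments the longer is newer.
    Tilde and caret are not handled (assumption: unused on this page).
    Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def compare_vr(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(name: str, installed_vr: str) -> bool:
    """True when the installed version-release is at or above the fix."""
    return compare_vr(installed_vr, FIXED[name]) >= 0


def audit(installed: List[Tuple[str, str]]) -> List[Tuple[str, str, bool]]:
    """(name, installed version-release, fixed?) for each package that one
    of the advisories above covers; unrelated packages are ignored."""
    return [(n, vr, is_fixed(n, vr)) for n, vr in installed if n in FIXED]


if __name__ == "__main__":
    # Constructed sample inventory, in the shape produced by
    # rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
    sample = [
        ("libssh2", "1.11.0-2.fc41"),
        ("jsch", "0.2.15-150200.11.13.1"),
        ("python311-paramiko", "3.3.1-150400.13.3.1"),
        ("bash", "5.2.26-3.fc41"),
    ]
    for name, vr, ok in audit(sample):
        print(f"{name:20} {vr:24} {'fixed' if ok else 'VULNERABLE'}")
```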
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH
protocol is prone to a prefix truncation attack, known as the "Terrapin
attack". This attack allows a MITM attacker to effect a limited break of the
integrity of the early encrypted SSH transport.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5588-1