ALT Linux Team

Package libssh update in c8.1 on 2018-10-22

ALT-PU-2018-2528-1

Package libssh updated to version 0.7.6-alt2.1 for branch c8.1 in task 215232.

Closed vulnerabilities

Published: 2018-10-17

BDU:2018-01221

Уязвимость механизма аутентификации серверной части библиотеки libssh, позволяющая нарушителю обойти процедуру аутентификации

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2018-10-17
Modified: 2024-11-21

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top