ALT Linux Team

Package libssh update in c8 on 2018-10-25

ALT-PU-2018-2563-1

Package libssh updated to version 0.7.6-alt2 for branch c8 in task 215572.

Closed vulnerabilities

Published: 2018-10-17

BDU:2018-01221

Уязвимость механизма аутентификации серверной части библиотеки libssh, позволяющая нарушителю обойти процедуру аутентификации

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2016-04-13
Modified: 2025-04-12

CVE-2016-0739

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-10-17
Modified: 2024-11-21

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top