Package libssh updated to version 0.8.8-alt1 for branch p8 in task 247316.

Published: 2018-10-17

BDU:2018-01221

Уязвимость механизма аутентификации серверной части библиотеки libssh, позволяющая нарушителю обойти процедуру аутентификации

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-10933

Published: 2020-04-15

BDU:2020-02642

Уязвимость функции ssh_scp_new() библиотеки libssh, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.1) Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2019-14889

Published: 2018-10-17
Modified: 2024-11-21

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Published: 2019-12-11
Modified: 2024-11-21

CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Обновить до 0.8.5

Version: 2.1.0

Package libssh update in p8 on 2020-03-13

ALT-PU-2020-1469-1

Closed vulnerabilities

BDU:2018-01221

BDU:2020-02642

CVE-2018-10933

CVE-2019-14889

Closed bugs

Bug #36129