Package libssh updated to version 0.9.5-alt1 for branch sisyphus in task 271598.

Published: 2020-02-12

BDU:2020-02135

Уязвимость библиотеки libssh, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2020-1730

Published: 2020-07-30

BDU:2021-03730

Уязвимость компонента tftpserver.c библиотеки для аутентификации клиента libssh, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2020-16135

Published: 2020-07-30
Modified: 2024-11-21

CVE-2020-16135

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-04-13
Modified: 2024-11-21

CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Version: 2.1.0

Package libssh update in sisyphus on 2021-05-12

ALT-PU-2021-1788-1

Closed vulnerabilities

BDU:2020-02135

BDU:2021-03730

CVE-2020-16135

CVE-2020-1730