libssh 0.10.6 and libssh 0.9.8 security releases
- Subject: libssh 0.10.6 and libssh 0.9.8 security releases
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Mon, 18 Dec 2023 21:54:42 +0100
- To: libssh@xxxxxxxxxx

The two new releases of libssh 0.9 and 0.10 address the following security issues:

* CVE-2023-6004: Command Injection using malicious hostname in expanded proxycommand. More details can be found in the advisory.
* CVE-2023-48795: Avoid potential downgrade attacks by implementing strict kex. More details can be found in the advisory.
* CVE-2023-6918: Avoid potential use of weak keys in low memory conditions by systematically checking return values of MD functions. More details can be found in the advisory.

In addition, the 0.10 version contains several bugfixes and backports. For the full list, see the changelog below.

If you are new to libssh, you should read our tutorial on how to get started. Please join our mailing list or visit the Matrix channel if you have questions.

You can read the full advisories, changelog and download updated libssh on the following announcement post:
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/