
Re: libssh 0.10.6 and libssh 0.9.8 security releases


Thank you very much!
I updated my packages of libssh to version 0.10.6-1 for CYGWIN in my repo:
https://github.com/carlo-bramini/packages-cygwin/tree/main/libssh

Sincerely,

Carlo Bramini.

> On 18/12/2023 21:54 CET Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> 
>  
> The two new releases of libssh 0.9 and 0.10 address the following
> security issues:
> 
>  * CVE-2023-6004: Command Injection using malicious hostname in
> expanded proxycommand. More details can be found in the advisory.
>  * CVE-2023-48795: Avoid potential downgrade attacks by implementing
> strict kex. More details can be found in the advisory.
>  * CVE-2023-6918: Avoid potential use of weak keys in low memory
> conditions by systematically checking return values of MD functions.
> More details can be found in the advisory.
> 
> In addition the 0.10 version contains several bugfixes and backports.
> For the full list, see the changelog below.
> 
> If you are new to libssh you should read our tutorial on how to get
> started. Please join our mailing list or visit Matrix channel if you
> have questions.
> 
> You can read the full advisories, changelog and download updated
> libssh on the following announcement post:
> 
> https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
