
Re: libssh 0.10.6 and libssh 0.9.8 security releases


I am not seeing a release tag for 0.10.6 in https://git.libssh.org/projects/libssh.git .
Is there supposed to be one?

Norm Green

On 12/25/2023 11:26 AM, Jakub Jelen wrote:
Thank you for the update of cygwin! Note that the 0.10.6 had a
regression in IPv6 parsing as mentioned in the updated announcement on
the blog (but not yet mentioned here). So please consider also pulling
the fix for the following issue:

https://gitlab.com/libssh/libssh-mirror/-/issues/227

Jakub

On Mon, Dec 25, 2023 at 2:12 PM Carlo Bramini <carlo.bramix@xxxxxxxxx> wrote:
Thank you very much!
I updated my packages of libssh to version 0.10.6-1 for CYGWIN into my repo:
https://github.com/carlo-bramini/packages-cygwin/tree/main/libssh

Sincerely,

Carlo Bramini.

On 18/12/2023 21:54 CET Jakub Jelen <jjelen@xxxxxxxxxx> wrote:


The two new releases of libssh 0.9 and 0.10 address the following
security issues:

  * CVE-2023-6004: Command Injection using malicious hostname in
expanded proxycommand. More details can be found in the advisory.
  * CVE-2023-48795: Avoid potential downgrade attacks by implementing
strict kex. More details can be found in the advisory.
  * CVE-2023-6918: Avoid potential use of weak keys in low memory
conditions by systematically checking return values of MD functions.
More details can be found in the advisory.

In addition, the 0.10 version contains several bugfixes and backports.
For the full list, see the changelog below.

If you are new to libssh you should read our tutorial on how to get
started. Please join our mailing list or visit the Matrix channel if you
have questions.

You can read the full advisories, changelog and download updated
libssh on the following announcement post:

https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/


