• [gentoo-announce] [ GLSA 202312-16 ] libssh: Multiple Vulnerabilities

    From glsamaker@gentoo.org@21:1/5 to All on Thu Dec 28 04:00:01 2023
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202312-16
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: libssh: Multiple Vulnerabilities
    Date: December 28, 2023
    Bugs: #920291, #920724
    ID: 202312-16

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in libssh, the worst of
    which could lead to code execution.

    Background
    ==========

    libssh is a multiplatform C library implementing the SSHv2 protocol on
    client and server side.

    Affected packages
    =================

    Package          Vulnerable    Unaffected
    ---------------  ------------  ------------
    net-libs/libssh  < 0.10.6      >= 0.10.6

    Description
    ===========

    Multiple vulnerabilities have been discovered in libssh. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All libssh users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.10.6"

    References
    ==========

    [ 1 ] CVE-2023-6004
    https://nvd.nist.gov/vuln/detail/CVE-2023-6004
    [ 2 ] CVE-2023-48795
    https://nvd.nist.gov/vuln/detail/CVE-2023-48795

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202312-16

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2023 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5