1. Home
  2. Security Advisories
  3. AlmaLinux OS
  4. ALSA-2020:4545

[ALSA-2020:4545] libssh security, bug fix, and enhancement update

Severity Moderate
Affected Packages 7
CVEs 2
Info Packages References Vulnerabilities

An update for libssh is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

The following packages have been upgraded to a later upstream version: libssh (0.9.4). (BZ#1804797)

Security Fix(es):

  • libssh: denial of service when handling AES-CTR (or DES) ciphers (CVE-2020-1730)

  • libssh: unsanitized location in scp could lead to unwanted command execution (CVE-2019-14889)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

Package Affected Version
pkg:rpm/almalinux/libssh?arch=x86_64&distro=almalinux-8 < 0.9.4-2.el8
pkg:rpm/almalinux/libssh?arch=i686&distro=almalinux-8 < 0.9.4-2.el8
pkg:rpm/almalinux/libssh?arch=aarch64&distro=almalinux-8 < 0.9.4-2.el8
pkg:rpm/almalinux/libssh-devel?arch=x86_64&distro=almalinux-8 < 0.9.4-2.el8
pkg:rpm/almalinux/libssh-devel?arch=i686&distro=almalinux-8 < 0.9.4-2.el8
pkg:rpm/almalinux/libssh-devel?arch=aarch64&distro=almalinux-8 < 0.9.4-2.el8
pkg:rpm/almalinux/libssh-config?arch=noarch&distro=almalinux-8 < 0.9.4-2.el8
ID
ALSA-2020:4545
Severity
moderate
URL
https://errata.almalinux.org/ALSA-2020:4545.html
Published
2020-11-03T12:14:19
(3 years ago)
Modified
2021-05-04T09:10:38
(3 years ago)
Rights
Copyright 2021 AlmaLinux OS
Other Advisories
Source # ID Name URL
CVE CVE-2019-14889 https://vulners.com/cve/CVE-2019-14889
CVE CVE-2020-1730 https://vulners.com/cve/CVE-2020-1730
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/almalinux/libssh?arch=x86_64&distro=almalinux-8 almalinux libssh < 0.9.4-2.el8 almalinux-8 x86_64
Affected pkg:rpm/almalinux/libssh?arch=i686&distro=almalinux-8 almalinux libssh < 0.9.4-2.el8 almalinux-8 i686
Affected pkg:rpm/almalinux/libssh?arch=aarch64&distro=almalinux-8 almalinux libssh < 0.9.4-2.el8 almalinux-8 aarch64
Affected pkg:rpm/almalinux/libssh-devel?arch=x86_64&distro=almalinux-8 almalinux libssh-devel < 0.9.4-2.el8 almalinux-8 x86_64
Affected pkg:rpm/almalinux/libssh-devel?arch=i686&distro=almalinux-8 almalinux libssh-devel < 0.9.4-2.el8 almalinux-8 i686
Affected pkg:rpm/almalinux/libssh-devel?arch=aarch64&distro=almalinux-8 almalinux libssh-devel < 0.9.4-2.el8 almalinux-8 aarch64
Affected pkg:rpm/almalinux/libssh-config?arch=noarch&distro=almalinux-8 almalinux libssh-config < 0.9.4-2.el8 almalinux-8 noarch
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date