1. Home
  2. Security Advisories
  3. Fedora
  4. FEDORA-2023-55800423a8

[FEDORA-2023-55800423a8] Fedora 38: libssh

Severity Medium
Affected Packages 1
CVEs 3
Info Packages References Vulnerabilities

Fix regression in IPv6 hosntames parsing ---- New upstream release fixing
(CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)

Package Affected Version
pkg:rpm/fedora/libssh?distro=fedora-38 < 0.10.6.2.fc38
ID
FEDORA-2023-55800423a8
Severity
medium
Severity from
CVE-2023-48795
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2023-55800423a8
Published
2024-01-10T01:52:52
(8 months ago)
Modified
2024-01-10T01:52:52
(8 months ago)
Rights
Copyright 2024 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 2254997 Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values for digests https://bugzilla.redhat.com/show_bug.cgi?id=2254997
Bugzilla 2254210 Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP) https://bugzilla.redhat.com/show_bug.cgi?id=2254210
Bugzilla 2251110 Bug #2251110 - CVE-2023-6004 libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname https://bugzilla.redhat.com/show_bug.cgi?id=2251110
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/libssh?distro=fedora-38 fedora libssh < 0.10.6.2.fc38 fedora-38
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date