[ELSA-2022-2031] libssh security, bug fix, and enhancement update
Severity
Low
Affected Packages
3
CVEs
1
[0.9.6-3]
- Remove STI tests
[0.9.6-2]
- Remove bad patch causing errors
- Adding BuildRequires for openssh (SSHD support)
[0.9.6-1]
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
rekeying with different key exchange mechanism
- Rebase to version 0.9.6
- Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
- Resolves: rhbz#1896651, rhbz#1994600
[0.9.4-4]
- Revert previous commit as it is incorrect.
[0.9.6-1]
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
rekeying with different key exchange mechanism (#1978810)
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/libssh?distro=oraclelinux-8 | < 0.9.6-3.el8 |
pkg:rpm/oraclelinux/libssh-devel?distro=oraclelinux-8 | < 0.9.6-3.el8 |
pkg:rpm/oraclelinux/libssh-config?distro=oraclelinux-8 | < 0.9.6-3.el8 |
- ID
- ELSA-2022-2031
- Severity
- low
- URL
- https://linux.oracle.com/errata/ELSA-2022-2031.html
- Published
-
2022-05-17T00:00:00
(2 years ago) - Modified
-
2022-05-17T00:00:00
(2 years ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2022-2031 | https://linux.oracle.com/errata/ELSA-2022-2031.html | |
CVE | CVE-2021-3634 | https://linux.oracle.com/cve/CVE-2021-3634.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/libssh?distro=oraclelinux-8 | oraclelinux | libssh | < 0.9.6-3.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/libssh-devel?distro=oraclelinux-8 | oraclelinux | libssh-devel | < 0.9.6-3.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/libssh-config?distro=oraclelinux-8 | oraclelinux | libssh-config | < 0.9.6-3.el8 | oraclelinux-8 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |