[ELSA-2022-2031] libssh security, bug fix, and enhancement update

Severity Low

Affected Packages 3

CVEs 1

[0.9.6-3]
- Remove STI tests

[0.9.6-2]
- Remove bad patch causing errors
- Adding BuildRequires for openssh (SSHD support)

[0.9.6-1]
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
rekeying with different key exchange mechanism
- Rebase to version 0.9.6
- Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
- Resolves: rhbz#1896651, rhbz#1994600

[0.9.4-4]
- Revert previous commit as it is incorrect.

[0.9.6-1]
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
rekeying with different key exchange mechanism (#1978810)

Package	Affected Version
pkg:rpm/oraclelinux/libssh?distro=oraclelinux-8	< 0.9.6-3.el8
pkg:rpm/oraclelinux/libssh-devel?distro=oraclelinux-8	< 0.9.6-3.el8
pkg:rpm/oraclelinux/libssh-config?distro=oraclelinux-8	< 0.9.6-3.el8

ID

ELSA-2022-2031

Severity

low

URL

https://linux.oracle.com/errata/ELSA-2022-2031.html

Published

2022-05-17T00:00:00
(2 years ago)

Modified

2022-05-17T00:00:00
(2 years ago)

Rights

Other Advisories

Source	# ID	Name	URL
elsa	ELSA-2022-2031		https://linux.oracle.com/errata/ELSA-2022-2031.html
CVE	CVE-2021-3634		https://linux.oracle.com/cve/CVE-2021-3634.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/libssh?distro=oraclelinux-8	oraclelinux	libssh	< 0.9.6-3.el8	oraclelinux-8
Affected	pkg:rpm/oraclelinux/libssh-devel?distro=oraclelinux-8	oraclelinux	libssh-devel	< 0.9.6-3.el8	oraclelinux-8
Affected	pkg:rpm/oraclelinux/libssh-config?distro=oraclelinux-8	oraclelinux	libssh-config	< 0.9.6-3.el8	oraclelinux-8

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date