[RHSA-2020:4545] libssh security, bug fix, and enhancement update

Severity Moderate

Affected Packages 11

CVEs 2

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

The following packages have been upgraded to a later upstream version: libssh (0.9.4). (BZ#1804797)

Security Fix(es):

libssh: denial of service when handling AES-CTR (or DES) ciphers (CVE-2020-1730)
libssh: unsanitized location in scp could lead to unwanted command execution (CVE-2019-14889)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Package	Affected Version
pkg:rpm/redhat/libssh?arch=x86_64&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh?arch=s390x&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh?arch=ppc64le&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh?arch=i686&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh?arch=aarch64&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh-devel?arch=x86_64&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh-devel?arch=s390x&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh-devel?arch=ppc64le&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh-devel?arch=i686&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh-devel?arch=aarch64&distro=redhat-8	< 0.9.4-2.el8
pkg:rpm/redhat/libssh-config?distro=redhat-8	< 0.9.4-2.el8

ID

RHSA-2020:4545

Severity

moderate

URL

https://access.redhat.com/errata/RHSA-2020:4545

Published

2020-11-04T00:00:00
(3 years ago)

Modified

2020-11-04T00:00:00
(3 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1772523	https://bugzilla.redhat.com/1772523
Bugzilla	1801998	https://bugzilla.redhat.com/1801998
RHSA	RHSA-2020:4545	https://access.redhat.com/errata/RHSA-2020:4545
CVE	CVE-2019-14889	https://access.redhat.com/security/cve/CVE-2019-14889
CVE	CVE-2020-1730	https://access.redhat.com/security/cve/CVE-2020-1730

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/libssh?arch=x86_64&distro=redhat-8	redhat	libssh	< 0.9.4-2.el8	redhat-8	x86_64
Affected	pkg:rpm/redhat/libssh?arch=s390x&distro=redhat-8	redhat	libssh	< 0.9.4-2.el8	redhat-8	s390x
Affected	pkg:rpm/redhat/libssh?arch=ppc64le&distro=redhat-8	redhat	libssh	< 0.9.4-2.el8	redhat-8	ppc64le
Affected	pkg:rpm/redhat/libssh?arch=i686&distro=redhat-8	redhat	libssh	< 0.9.4-2.el8	redhat-8	i686
Affected	pkg:rpm/redhat/libssh?arch=aarch64&distro=redhat-8	redhat	libssh	< 0.9.4-2.el8	redhat-8	aarch64
Affected	pkg:rpm/redhat/libssh-devel?arch=x86_64&distro=redhat-8	redhat	libssh-devel	< 0.9.4-2.el8	redhat-8	x86_64
Affected	pkg:rpm/redhat/libssh-devel?arch=s390x&distro=redhat-8	redhat	libssh-devel	< 0.9.4-2.el8	redhat-8	s390x
Affected	pkg:rpm/redhat/libssh-devel?arch=ppc64le&distro=redhat-8	redhat	libssh-devel	< 0.9.4-2.el8	redhat-8	ppc64le
Affected	pkg:rpm/redhat/libssh-devel?arch=i686&distro=redhat-8	redhat	libssh-devel	< 0.9.4-2.el8	redhat-8	i686
Affected	pkg:rpm/redhat/libssh-devel?arch=aarch64&distro=redhat-8	redhat	libssh-devel	< 0.9.4-2.el8	redhat-8	aarch64
Affected	pkg:rpm/redhat/libssh-config?distro=redhat-8	redhat	libssh-config	< 0.9.4-2.el8	redhat-8

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date