1. Home
  2. Security Advisories
  3. Rocky Linux
  4. RLSA-2023:3839

[RLSA-2023:3839] libssh security update

Severity Moderate
Affected Packages 5
CVEs 2
Info Packages References Vulnerabilities

An update is available for libssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

  • libssh: NULL pointer dereference during rekeying with algorithm guessing (CVE-2023-1667)

  • libssh: authorization bypass in pki_verify_data_signature (CVE-2023-2283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package Affected Version
pkg:rpm/rockylinux/libssh?arch=x86_64&distro=rockylinux-8.8 < 0.9.6-10.el8_8
pkg:rpm/rockylinux/libssh?arch=aarch64&distro=rockylinux-8.8 < 0.9.6-10.el8_8
pkg:rpm/rockylinux/libssh-devel?arch=x86_64&distro=rockylinux-8.8 < 0.9.6-10.el8_8
pkg:rpm/rockylinux/libssh-devel?arch=aarch64&distro=rockylinux-8.8 < 0.9.6-10.el8_8
pkg:rpm/rockylinux/libssh-config?arch=noarch&distro=rockylinux-8.8 < 0.9.6-10.el8_8
ID
RLSA-2023:3839
Severity
moderate
URL
https://errata.rockylinux.org/RLSA-2023:3839
Published
2023-07-08T02:54:11
(14 months ago)
Modified
2023-07-08T02:55:44
(14 months ago)
Rights
Copyright 2024 Rocky Enterprise Software Foundation
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/rockylinux/libssh?arch=x86_64&distro=rockylinux-8.8 rockylinux libssh < 0.9.6-10.el8_8 rockylinux-8.8 x86_64
Affected pkg:rpm/rockylinux/libssh?arch=aarch64&distro=rockylinux-8.8 rockylinux libssh < 0.9.6-10.el8_8 rockylinux-8.8 aarch64
Affected pkg:rpm/rockylinux/libssh-devel?arch=x86_64&distro=rockylinux-8.8 rockylinux libssh-devel < 0.9.6-10.el8_8 rockylinux-8.8 x86_64
Affected pkg:rpm/rockylinux/libssh-devel?arch=aarch64&distro=rockylinux-8.8 rockylinux libssh-devel < 0.9.6-10.el8_8 rockylinux-8.8 aarch64
Affected pkg:rpm/rockylinux/libssh-config?arch=noarch&distro=rockylinux-8.8 rockylinux libssh-config < 0.9.6-10.el8_8 rockylinux-8.8 noarch
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date