1. Home
  2. Security Advisories
  3. Slackware Linux
  4. SSA:2023-353-01

[SSA:2023-353-01] libssh

Severity Medium
Affected Packages 6
CVEs 3
Info Packages Vulnerabilities

New libssh packages are available for Slackware 14.2, 15.0, and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog

patches/packages/libssh-0.10.6-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Command injection using proxycommand.
Potential downgrade attack using strict kex.
Missing checks for return values of MD functions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6004
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.cve.org/CVERecord?id=CVE-2023-6918
(* Security fix *)

Where to find the new packages

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libssh-0.10.6-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libssh-0.10.6-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libssh-0.10.6-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libssh-0.10.6-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libssh-0.10.6-x86_64-1.txz

MD5 signatures

Slackware 14.2 package:
df594d833d2b61430550c4a6249e8e16 libssh-0.10.6-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
697e225933eb11593ee2db6dca0d38a8 libssh-0.10.6-x86_64-1_slack14.2.txz

Slackware 15.0 package:
122816350a43ac336e1f48fcf3c0b2aa libssh-0.10.6-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
09688c662806fcfbc8b7f2b3bf408674 libssh-0.10.6-x86_64-1_slack15.0.txz

Slackware -current package:
c3a0ff73b4a2d523f99a5e06b4b8df75 l/libssh-0.10.6-i586-1.txz

Slackware x86_64 -current package:
01fba0c880daaf7536dcf31cc5553708 l/libssh-0.10.6-x86_64-1.txz

Installation instructions

Upgrade the package as root:
# upgradepkg libssh-0.10.6-i586-1_slack15.0.txz

Package Affected Version
pkg:slackbuild/slackware/libssh?arch=x86_64&distro=slackware64-current < 0.10.6
pkg:slackbuild/slackware/libssh?arch=x86_64&distro=slackware64-15.0 < 0.10.6
pkg:slackbuild/slackware/libssh?arch=x86_64&distro=slackware64-14.2 < 0.10.6
pkg:slackbuild/slackware/libssh?arch=i586&distro=slackware-current < 0.10.6
pkg:slackbuild/slackware/libssh?arch=i586&distro=slackware-15.0 < 0.10.6
pkg:slackbuild/slackware/libssh?arch=i586&distro=slackware-14.2 < 0.10.6
ID
SSA:2023-353-01
Severity
medium
Severity from
CVE-2023-48795
URL
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.394037
Published
2023-12-19T21:31:02
(9 months ago)
Modified
2023-12-19T21:31:02
(9 months ago)
Rights
Slackware Linux Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:slackbuild/slackware/libssh?arch=x86_64&distro=slackware64-current slackware libssh < 0.10.6 slackware64-current x86_64
Affected pkg:slackbuild/slackware/libssh?arch=x86_64&distro=slackware64-15.0 slackware libssh < 0.10.6 slackware64-15.0 x86_64
Affected pkg:slackbuild/slackware/libssh?arch=x86_64&distro=slackware64-14.2 slackware libssh < 0.10.6 slackware64-14.2 x86_64
Affected pkg:slackbuild/slackware/libssh?arch=i586&distro=slackware-current slackware libssh < 0.10.6 slackware-current i586
Affected pkg:slackbuild/slackware/libssh?arch=i586&distro=slackware-15.0 slackware libssh < 0.10.6 slackware-15.0 i586
Affected pkg:slackbuild/slackware/libssh?arch=i586&distro=slackware-14.2 slackware libssh < 0.10.6 slackware-14.2 i586
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date