1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-4219-1

[USN-4219-1] libssh vulnerability

Severity Medium
Affected Packages 20
CVEs 1
Info Packages Vulnerabilities

libssh could be made to run programs under certain conditions.

It was discovered that libssh incorrectly handled certain scp commands. If
a user or automated system were tricked into using a specially-crafted scp
command, a remote attacker could execute arbitrary commands on the server.

Package Affected Version
pkg:deb/ubuntu/libssh-gcrypt-dev?distro=xenial < 0.6.3-4.3ubuntu0.5
pkg:deb/ubuntu/libssh-gcrypt-dev?distro=eoan < 0.9.0-1ubuntu1.3
pkg:deb/ubuntu/libssh-gcrypt-dev?distro=disco < 0.8.6-3ubuntu0.3
pkg:deb/ubuntu/libssh-gcrypt-dev?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.5
pkg:deb/ubuntu/libssh-gcrypt-4?distro=xenial < 0.6.3-4.3ubuntu0.5
pkg:deb/ubuntu/libssh-gcrypt-4?distro=eoan < 0.9.0-1ubuntu1.3
pkg:deb/ubuntu/libssh-gcrypt-4?distro=disco < 0.8.6-3ubuntu0.3
pkg:deb/ubuntu/libssh-gcrypt-4?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.5
pkg:deb/ubuntu/libssh-doc?distro=xenial < 0.6.3-4.3ubuntu0.5
pkg:deb/ubuntu/libssh-doc?distro=eoan < 0.9.0-1ubuntu1.3
pkg:deb/ubuntu/libssh-doc?distro=disco < 0.8.6-3ubuntu0.3
pkg:deb/ubuntu/libssh-doc?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.5
pkg:deb/ubuntu/libssh-dev?distro=xenial < 0.6.3-4.3ubuntu0.5
pkg:deb/ubuntu/libssh-dev?distro=eoan < 0.9.0-1ubuntu1.3
pkg:deb/ubuntu/libssh-dev?distro=disco < 0.8.6-3ubuntu0.3
pkg:deb/ubuntu/libssh-dev?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.5
pkg:deb/ubuntu/libssh-4?distro=xenial < 0.6.3-4.3ubuntu0.5
pkg:deb/ubuntu/libssh-4?distro=eoan < 0.9.0-1ubuntu1.3
pkg:deb/ubuntu/libssh-4?distro=disco < 0.8.6-3ubuntu0.3
pkg:deb/ubuntu/libssh-4?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.5
ID
USN-4219-1
Severity
medium
URL
https://ubuntu.com/security/notices/USN-4219-1
Published
2019-12-10T17:49:56
(4 years ago)
Modified
2019-12-10T17:49:56
(4 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/libssh-gcrypt-dev?distro=xenial ubuntu libssh-gcrypt-dev < 0.6.3-4.3ubuntu0.5 xenial
Affected pkg:deb/ubuntu/libssh-gcrypt-dev?distro=eoan ubuntu libssh-gcrypt-dev < 0.9.0-1ubuntu1.3 eoan
Affected pkg:deb/ubuntu/libssh-gcrypt-dev?distro=disco ubuntu libssh-gcrypt-dev < 0.8.6-3ubuntu0.3 disco
Affected pkg:deb/ubuntu/libssh-gcrypt-dev?distro=bionic ubuntu libssh-gcrypt-dev < 0.8.0~20170825.94fa1e38-1ubuntu0.5 bionic
Affected pkg:deb/ubuntu/libssh-gcrypt-4?distro=xenial ubuntu libssh-gcrypt-4 < 0.6.3-4.3ubuntu0.5 xenial
Affected pkg:deb/ubuntu/libssh-gcrypt-4?distro=eoan ubuntu libssh-gcrypt-4 < 0.9.0-1ubuntu1.3 eoan
Affected pkg:deb/ubuntu/libssh-gcrypt-4?distro=disco ubuntu libssh-gcrypt-4 < 0.8.6-3ubuntu0.3 disco
Affected pkg:deb/ubuntu/libssh-gcrypt-4?distro=bionic ubuntu libssh-gcrypt-4 < 0.8.0~20170825.94fa1e38-1ubuntu0.5 bionic
Affected pkg:deb/ubuntu/libssh-doc?distro=xenial ubuntu libssh-doc < 0.6.3-4.3ubuntu0.5 xenial
Affected pkg:deb/ubuntu/libssh-doc?distro=eoan ubuntu libssh-doc < 0.9.0-1ubuntu1.3 eoan
Affected pkg:deb/ubuntu/libssh-doc?distro=disco ubuntu libssh-doc < 0.8.6-3ubuntu0.3 disco
Affected pkg:deb/ubuntu/libssh-doc?distro=bionic ubuntu libssh-doc < 0.8.0~20170825.94fa1e38-1ubuntu0.5 bionic
Affected pkg:deb/ubuntu/libssh-dev?distro=xenial ubuntu libssh-dev < 0.6.3-4.3ubuntu0.5 xenial
Affected pkg:deb/ubuntu/libssh-dev?distro=eoan ubuntu libssh-dev < 0.9.0-1ubuntu1.3 eoan
Affected pkg:deb/ubuntu/libssh-dev?distro=disco ubuntu libssh-dev < 0.8.6-3ubuntu0.3 disco
Affected pkg:deb/ubuntu/libssh-dev?distro=bionic ubuntu libssh-dev < 0.8.0~20170825.94fa1e38-1ubuntu0.5 bionic
Affected pkg:deb/ubuntu/libssh-4?distro=xenial ubuntu libssh-4 < 0.6.3-4.3ubuntu0.5 xenial
Affected pkg:deb/ubuntu/libssh-4?distro=eoan ubuntu libssh-4 < 0.9.0-1ubuntu1.3 eoan
Affected pkg:deb/ubuntu/libssh-4?distro=disco ubuntu libssh-4 < 0.8.6-3ubuntu0.3 disco
Affected pkg:deb/ubuntu/libssh-4?distro=bionic ubuntu libssh-4 < 0.8.0~20170825.94fa1e38-1ubuntu0.5 bionic
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date