1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-6592-2

[USN-6592-2] libssh vulnerabilities

Severity Medium
Affected Packages 10
CVEs 2
Info Packages Vulnerabilities

Several security issues were fixed in libssh.

USN-6592-1 fixed vulnerabilities in libssh. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that libssh incorrectly handled the ProxyCommand and the
ProxyJump features. A remote attacker could possibly use this issue to
inject malicious code into the command of the features mentioned through
the hostname parameter. (CVE-2023-6004)

It was discovered that libssh incorrectly handled return codes when
performing message digest operations. A remote attacker could possibly use
this issue to cause libssh to crash, obtain sensitive information, or
execute arbitrary code. (CVE-2023-6918)

Package Affected Version
pkg:deb/ubuntu/libssh-gcrypt-dev?distro=xenial < 0.6.3-4.3ubuntu0.6+esm1
pkg:deb/ubuntu/libssh-gcrypt-dev?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3
pkg:deb/ubuntu/libssh-gcrypt-4?distro=xenial < 0.6.3-4.3ubuntu0.6+esm1
pkg:deb/ubuntu/libssh-gcrypt-4?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3
pkg:deb/ubuntu/libssh-doc?distro=xenial < 0.6.3-4.3ubuntu0.6+esm1
pkg:deb/ubuntu/libssh-doc?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3
pkg:deb/ubuntu/libssh-dev?distro=xenial < 0.6.3-4.3ubuntu0.6+esm1
pkg:deb/ubuntu/libssh-dev?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3
pkg:deb/ubuntu/libssh-4?distro=xenial < 0.6.3-4.3ubuntu0.6+esm1
pkg:deb/ubuntu/libssh-4?distro=bionic < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3
ID
USN-6592-2
Severity
medium
Severity from
CVE-2023-6918
URL
https://ubuntu.com/security/notices/USN-6592-2
Published
2024-02-05T13:02:16
(7 months ago)
Modified
2024-02-05T13:02:16
(7 months ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/libssh-gcrypt-dev?distro=xenial ubuntu libssh-gcrypt-dev < 0.6.3-4.3ubuntu0.6+esm1 xenial
Affected pkg:deb/ubuntu/libssh-gcrypt-dev?distro=bionic ubuntu libssh-gcrypt-dev < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 bionic
Affected pkg:deb/ubuntu/libssh-gcrypt-4?distro=xenial ubuntu libssh-gcrypt-4 < 0.6.3-4.3ubuntu0.6+esm1 xenial
Affected pkg:deb/ubuntu/libssh-gcrypt-4?distro=bionic ubuntu libssh-gcrypt-4 < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 bionic
Affected pkg:deb/ubuntu/libssh-doc?distro=xenial ubuntu libssh-doc < 0.6.3-4.3ubuntu0.6+esm1 xenial
Affected pkg:deb/ubuntu/libssh-doc?distro=bionic ubuntu libssh-doc < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 bionic
Affected pkg:deb/ubuntu/libssh-dev?distro=xenial ubuntu libssh-dev < 0.6.3-4.3ubuntu0.6+esm1 xenial
Affected pkg:deb/ubuntu/libssh-dev?distro=bionic ubuntu libssh-dev < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 bionic
Affected pkg:deb/ubuntu/libssh-4?distro=xenial ubuntu libssh-4 < 0.6.3-4.3ubuntu0.6+esm1 xenial
Affected pkg:deb/ubuntu/libssh-4?distro=bionic ubuntu libssh-4 < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 bionic
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date