libssh-0.9.4-2.el8
Errata ID: AXSA:2021-1281:01
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
The following packages have been upgraded to a later upstream version: libssh (0.9.4).
Security Fix(es):
* libssh: denial of service when handling AES-CTR (or DES) ciphers (CVE-2020-1730)
* libssh: unsanitized location in scp could lead to unwanted command execution (CVE-2019-14889)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
CVE-2019-14889
A flaw was found in the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server side. If the library is used in a way that lets users influence the third parameter of the function (the location), an attacker could inject arbitrary commands, leading to a compromise of the remote target.
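Upgrading closes the hole on the library side. As an added example that is not part of this advisory or of libssh itself, the following C check shows the defence-in-depth validation an application can apply to a user-influenced location before passing it as the third parameter of ssh_scp_new(). The function name, the allowlist and the length limit are this example's own assumptions; only the ssh_scp_new() call shown in the comment is the real libssh API.

```c
/* Added example, not libssh code and not part of the advisory.
 * scp_location_is_safe() is a hypothetical helper that an application calls
 * before handing a location to ssh_scp_new(), so that a user-influenced path
 * cannot carry shell metacharacters or option-like prefixes into the remote
 * scp command line. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SCP_LOCATION_MAX 4096   /* assumed upper bound for a location string */

/* Return true only if `loc` consists solely of letters, digits, '/', '.',
 * '_' and '-', does not start with '-' (so it cannot be parsed as an scp
 * option) and contains no ".." path component. Everything else, including
 * whitespace, ';', '`', '$', '|', '&', quotes and newlines, is rejected. */
bool scp_location_is_safe(const char *loc)
{
    if (loc == NULL) return false;
    size_t n = strlen(loc);
    if (n == 0 || n > SCP_LOCATION_MAX) return false;
    if (loc[0] == '-') return false;

    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)loc[i];
        if (isalnum(c) || c == '/' || c == '.' || c == '_' || c == '-')
            continue;
        return false;           /* any character outside the allowlist */
    }

    /* Walk the '/'-separated components and refuse a bare ".." anywhere. */
    const char *p = loc;
    for (;;) {
        const char *seg_end = strchr(p, '/');
        size_t seg_len = seg_end ? (size_t)(seg_end - p) : strlen(p);
        if (seg_len == 2 && p[0] == '.' && p[1] == '.') return false;
        if (seg_end == NULL) break;
        p = seg_end + 1;
    }
    return true;
}

int main(void)
{
    /* Constructed sample inputs: one acceptable path and three rejects. */
    const char *candidates[] = { "/srv/upload/report.txt", "-r", "a b", "../x" };
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++)
        printf("%-24s -> %s\n", candidates[i],
               scp_location_is_safe(candidates[i]) ? "ok" : "rejected");

    /* In the application the check guards the real libssh call, e.g.:
     *   if (!scp_location_is_safe(loc)) return -1;
     *   ssh_scp scp = ssh_scp_new(session, SSH_SCP_WRITE, loc);
     */
    return 0;
}
```

The allowlist is deliberately narrower than what scp itself accepts; an application that must support other characters should still keep the upgrade to 0.9.4, where the library quotes the location, and treat this check as a second layer rather than a substitute.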
CVE-2020-1730
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or, if enabled, DES) ciphers. The server or client could crash when the connection has not been fully initialized and the system tries to clean up the ciphers while closing the connection. The biggest threat from this vulnerability is to system availability.
Update packages.
N/A
SRPMS
- libssh-0.9.4-2.el8.src.rpm
MD5: 60a3ad36b55c6eab374386f50bbdd75d
SHA-256: a142ecdc2cb86d867f1636229c4ca2f0900b146c543dcafa61491b0052a105a5
Size: 520.45 kB
Asianux Server 8 for x86_64
- libssh-0.9.4-2.el8.x86_64.rpm
MD5: 62dea25c0b340e30edf4eb316da7eb56
SHA-256: 4ddfd67a7d461bacf22c085253be70bc23756b1ba22c539dc062433aa738f1f9
Size: 213.43 kB
- libssh-config-0.9.4-2.el8.noarch.rpm
MD5: dc53543064d1052efba9b03d277a7cf1
SHA-256: a8784d7ad6d990dbfbce9c5d2bc11a1aec1b83964cd6bd2610aa2f7f32622de9
Size: 17.37 kB
- libssh-devel-0.9.4-2.el8.x86_64.rpm
MD5: 10d32110acb6e6a958fb93cb3e7a4f92
SHA-256: b7b94474d77470e1f3a140336bf31f84861aad250f7196f27ed4642e588b74e1
Size: 436.41 kB
- libssh-0.9.4-2.el8.i686.rpm
MD5: 51609eb9611b52ac457fce6bb6d32a38
SHA-256: cd00fc3e8546b9b52856ffbc4a7b40f3894b94dd532587df02a3c245ab0bbef1
Size: 233.09 kB
- libssh-devel-0.9.4-2.el8.i686.rpm
MD5: 17f343fe246e2f20cf60583b69d8418d
SHA-256: 9964b5979209a7d5bf20be5707f82e7a643471a14ce89acddacc4da8ef3c7b0a
Size: 436.47 kB