libssh-0.9.6-10.el8
エラータID: AXSA:2023-6150:03
リリース日:
2023/06/28 Wednesday - 02:11
題名:
libssh-0.9.6-10.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libssh には、NULL ポインタデリファレンスの問題があるため、
リモートの攻撃者により、推測したアルゴリズムによるキーの
再生成を介して、認証されたクライアントに対するサービス拒否
攻撃を可能とする脆弱性が存在します。(CVE-2023-1667)
- libssh の pki_verify_data_signature() 関数には、メモリ割り当て
に失敗した際にクライアントの認証のチェック処理が迂回されて
しまう問題があるため、リモートの攻撃者により、不正な認証を
可能とする脆弱性が存在します。(CVE-2023-2283)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-1667
A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
CVE-2023-2283
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
追加情報:
N/A
ダウンロード:
SRPMS
- libssh-0.9.6-10.el8.src.rpm
MD5: f29261df0238ed687c4bac6c504026d8
SHA-256: 2868bfb1877232197b3ff822ba34f08c6047c98b6b7bf38f3b689cb8bac0a291
Size: 1.08 MB
Asianux Server 8 for x86_64
- libssh-0.9.6-10.el8.i686.rpm
MD5: 127c8a935743eb8bd1aaff2305652bdc
SHA-256: efd5b07ec7a552f9e9630f822a7b7a5903dc29d0528388a8f949f2b6dfb00559
Size: 237.53 kB - libssh-0.9.6-10.el8.x86_64.rpm
MD5: 231662c6565e8b4ef1ee2d827059e9d9
SHA-256: d3ec0de353489262a231073a2fa1d6fbb310a0b3dda2dac53939abf7ec8f2364
Size: 217.37 kB - libssh-config-0.9.6-10.el8.noarch.rpm
MD5: eb58b5865550f4b126d30816eb273793
SHA-256: 305dc9c432c6baeb46e2354b55219c4155c48ba8ce421f30b59f81b6029b3f1a
Size: 19.28 kB - libssh-devel-0.9.6-10.el8.i686.rpm
MD5: 3687e10c56a673b2895f72b0d144b928
SHA-256: bb3e9f82ef61b557e544622ab1801737f2bd9536405c1bb9006e6f0b74d2bbe4
Size: 438.96 kB - libssh-devel-0.9.6-10.el8.x86_64.rpm
MD5: b499bd2e5037d7829b1bdcc4a7678ae4
SHA-256: 0b8cb5b06e47f0003055894aaa752245e5532f4ee3b27596391b330acab51c23
Size: 438.93 kB
English