libssh-0.10.4-11.el9
Errata ID: AXSA:2023-6991:04
Release date:
2023/12/14 Thursday - 06:52
Title:
libssh-0.10.4-11.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
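The following issues have been addressed.
[Security Fix]
- libssh has a NULL pointer dereference issue, so a vulnerability exists
that allows a remote attacker to carry out a denial-of-service attack
against authenticated clients via re-keying with a guessed
algorithm. (CVE-2023-1667)
- The pki_verify_data_signature() function in libssh has an issue where
the client authentication check is bypassed when memory allocation
fails, so a vulnerability exists that allows a remote attacker to
authenticate improperly. (CVE-2023-2283)
Solution:
Update the packages.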
CVE:
CVE-2023-1667
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
CVE-2023-2283
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function when memory allocation problems occur. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error`, returning SSH_OK.
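The return-code pattern described for CVE-2023-2283, shown beside a hardened form, as an added example that is not libssh's own code. The helper names, the `alloc_fails` parameter and the "valid" signature string are assumptions made for illustration, and the hardened form is one way to keep the result at SSH_ERROR until verification succeeds, not necessarily the upstream fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SSH_OK     0
#define SSH_ERROR (-1)

/* Hypothetical stand-ins, not libssh functions. alloc_fails simulates memory pressure. */
static void *ctx_new(int alloc_fails) { return alloc_fails ? NULL : malloc(16); }
static int hash_compatible(void) { return SSH_OK; }
/* Constructed check: only the string "valid" counts as a good signature. */
static int crypto_verify(const char *sig) { return strcmp(sig, "valid") == 0 ? SSH_OK : SSH_ERROR; }

/* Flawed pattern: rc is reused for the compatibility check, so a later
 * allocation failure jumps to the exit path with rc still SSH_OK. */
int verify_flawed(const char *sig, int alloc_fails)
{
    int rc = SSH_ERROR;
    void *ctx = NULL;
    rc = hash_compatible();
    if (rc != SSH_OK) goto error;
    ctx = ctx_new(alloc_fails);
    if (ctx == NULL) goto error;      /* returns SSH_OK without verifying */
    rc = crypto_verify(sig);
error:
    free(ctx);
    return rc;
}

/* Hardened pattern: rc stays SSH_ERROR until the cryptographic check passes. */
int verify_hardened(const char *sig, int alloc_fails)
{
    int rc = SSH_ERROR;
    void *ctx = NULL;
    if (hash_compatible() != SSH_OK) goto error;
    ctx = ctx_new(alloc_fails);
    if (ctx == NULL) goto error;      /* rc is still SSH_ERROR */
    if (crypto_verify(sig) == SSH_OK) rc = SSH_OK;
error:
    free(ctx);
    return rc;
}

int main(void)
{
    printf("flawed, bad signature, allocation fails:   %d\n", verify_flawed("forged", 1));
    printf("hardened, bad signature, allocation fails: %d\n", verify_hardened("forged", 1));
    return 0;
}
```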
Additional information:
N/A
Downloads:
SRPMS
- libssh-0.10.4-11.el9.src.rpm
MD5: 6ac949e07098f154d6e20eedb69003f0
SHA-256: 7a41c2b9ff2834910652784878d64122f5b06a8b0cd969138d2049b94fd413fa
Size: 628.86 kB
Asianux Server 9 for x86_64
- libssh-0.10.4-11.el9.i686.rpm
MD5: d5a2fed8252d693d372dfe9c6b1be232
SHA-256: 5af9c758f88d351ede084cd0d0f8457cfac9a158d8535374a0ef43459fcf3e10
Size: 229.42 kB
- libssh-0.10.4-11.el9.x86_64.rpm
MD5: faa34e829d0e4fbe191661496a5fca92
SHA-256: b1e83a7b2b1af8b30b1b712536a37130d6661b050f93b808c2d0dcfca1b74853
Size: 213.95 kB
- libssh-config-0.10.4-11.el9.noarch.rpm
MD5: dfaa318d31273abdac9024fd54e56db0
SHA-256: f0914348529eeec1a76f711dd229becf20d6478a5da5033f85cc976d558bda9d
Size: 9.47 kB
- libssh-devel-0.10.4-11.el9.i686.rpm
MD5: 247b08c0e2eb9277d41322fd66216d40
SHA-256: a3b0a15c228d914d70589bfb3782fa623ce47f028abfbb91930c303cf0d7c2bd
Size: 38.95 kB
- libssh-devel-0.10.4-11.el9.x86_64.rpm
MD5: 86b1f75c4f2d4ddd78099224428f8b40
SHA-256: 6c7bcc65c986680ebecc11c3cd69678753be80c393036c64703867a525ae457d
Size: 38.93 kB