Several vulnerabilities were discovered in libssh, a tiny C SSH library.
CVE-2023-6004
It was reported that using the ProxyCommand or the ProxyJump feature
may allow an attacker to inject malicious code through specially
crafted hostnames.
CVE-2023-6918
Jack Weinstein reported that missing checks for return values for
digests may result in denial of service (application crashes) or
usage of uninitialized memory.
CVE-2023-48795
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that
the SSH protocol is prone to a prefix truncation attack, known as
the “Terrapin attack”. This attack allows a MITM attacker to effect
a limited break of the integrity of the early encrypted SSH
transport protocol by sending extra messages prior to the
commencement of encryption, and deleting an equal number of
consecutive messages immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
More Stories
USN-7022-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
chromium-129.0.6668.58-1.fc39
FEDORA-2024-3d29b1647b Packages in this update: chromium-129.0.6668.58-1.fc39 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
chromium-129.0.6668.58-1.el9
FEDORA-EPEL-2024-034e4b1091 Packages in this update: chromium-129.0.6668.58-1.el9 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
chromium-129.0.6668.58-1.fc40
FEDORA-2024-d273b23c67 Packages in this update: chromium-129.0.6668.58-1.fc40 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
USN-7021-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7020-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...