DSA-5591-1 libssh - security update

Read Time:46 Second

Several vulnerabilities were discovered in libssh, a tiny C SSH library.

CVE-2023-6004

It was reported that using the ProxyCommand or the ProxyJump feature
may allow an attacker to inject malicious code through specially
crafted hostnames.

CVE-2023-6918

Jack Weinstein reported that missing checks for return values for
digests may result in denial of service (application crashes) or
usage of uninitialized memory.

CVE-2023-48795

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that
the SSH protocol is prone to a prefix truncation attack, known as
the “Terrapin attack”. This attack allows a MITM attacker to effect
a limited break of the integrity of the early encrypted SSH
transport protocol by sending extra messages prior to the
commencement of encryption, and deleting an equal number of
consecutive messages immediately after encryption starts.

Details can be found at https://terrapin-attack.com/

https://security-tracker.debian.org/tracker/DSA-5591-1

New Malware Variant RESURGE Exploits Ivanti Vulnerability

ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers

The Signal Chat Leak and the NSA

EU Commission to Invest €1.3bn in Cybersecurity and AI

NCSC Urges Users to Patch Next.js Flaw Immediately

US Seizes $8.2m from Romance Baiting Scammers

How Each Pillar of the 1st Amendment is Under Attack

£3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack

Friday Squid Blogging: Squid Werewolf Hacking Group

DSA-5591-1 libssh – security update

USN-7400-1: PHP vulnerabilities

USN-7399-1: RabbitMQ Server vulnerability

USN-7398-1: libtar vulnerabilities

USN-7397-1: AOM vulnerability

USN-7396-1: OVN vulnerability

USN-7395-1: WebKitGTK vulnerabilities