Stay Connected:

ELSA-2020-4545

ELSA-2020-4545 - libssh security, bug fix, and enhancement update

Type:SECURITY
Impact:MODERATE
Release Date:2020-11-10

Description


[0.9.4-2]
- Do not return error when server properly closed the channel (#1849071)
- Add a test for CVE-2019-14889
- Do not parse configuration file in torture_knownhosts test

[0.9.4-1]
- Update to version 0.9.4
https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
- Fixed CVE-2019-14889 (#1781782)
- Fixed CVE-2020-1730 (#1802422)
- Create missing directories in the path provided for known_hosts files (#1733914)
- Removed inclusion of OpenSSH server configuration file from
libssh_server.config (#1821339)


Related CVEs


CVE-2020-1730
CVE-2019-14889

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) libssh-0.9.4-2.el8.src.rpmb7c3b8531f32f299ac9e85c1fd90cb27632bb71edf5a5d64a658e12231af323e-ol8_aarch64_appstream
libssh-0.9.4-2.el8.src.rpmb7c3b8531f32f299ac9e85c1fd90cb27632bb71edf5a5d64a658e12231af323e-ol8_aarch64_baseos_latest
libssh-0.9.4-2.el8.src.rpmb7c3b8531f32f299ac9e85c1fd90cb27632bb71edf5a5d64a658e12231af323e-ol8_aarch64_u3_baseos_base
libssh-0.9.4-2.el8.src.rpmb7c3b8531f32f299ac9e85c1fd90cb27632bb71edf5a5d64a658e12231af323e-ol8_aarch64_u4_baseos_base
libssh-0.9.4-2.el8.aarch64.rpm719c92f324c379d1d4c96339e79ddee77e433beaf1d1fe3666d18fbb7bcb77b4-ol8_aarch64_baseos_latest
libssh-0.9.4-2.el8.aarch64.rpm719c92f324c379d1d4c96339e79ddee77e433beaf1d1fe3666d18fbb7bcb77b4-ol8_aarch64_u3_baseos_base
libssh-0.9.4-2.el8.aarch64.rpm719c92f324c379d1d4c96339e79ddee77e433beaf1d1fe3666d18fbb7bcb77b4-ol8_aarch64_u4_baseos_base
libssh-config-0.9.4-2.el8.noarch.rpm91a58716904059f39eb83af6d19db08a2168767475d8e6ee9f270b70ccc31df5-ol8_aarch64_baseos_latest
libssh-config-0.9.4-2.el8.noarch.rpm91a58716904059f39eb83af6d19db08a2168767475d8e6ee9f270b70ccc31df5-ol8_aarch64_u3_baseos_base
libssh-config-0.9.4-2.el8.noarch.rpm91a58716904059f39eb83af6d19db08a2168767475d8e6ee9f270b70ccc31df5-ol8_aarch64_u4_baseos_base
libssh-devel-0.9.4-2.el8.aarch64.rpm6ae0bc215880589be18f2fefa7de4fa3b874d65e34e9527930f7cd35df34b887-ol8_aarch64_appstream
Oracle Linux 8 (x86_64) libssh-0.9.4-2.el8.src.rpmb7c3b8531f32f299ac9e85c1fd90cb27632bb71edf5a5d64a658e12231af323e-ol8_x86_64_appstream
libssh-0.9.4-2.el8.src.rpmb7c3b8531f32f299ac9e85c1fd90cb27632bb71edf5a5d64a658e12231af323e-ol8_x86_64_baseos_latest
libssh-0.9.4-2.el8.src.rpmb7c3b8531f32f299ac9e85c1fd90cb27632bb71edf5a5d64a658e12231af323e-ol8_x86_64_u3_baseos_base
libssh-0.9.4-2.el8.src.rpmb7c3b8531f32f299ac9e85c1fd90cb27632bb71edf5a5d64a658e12231af323e-ol8_x86_64_u4_baseos_base
libssh-0.9.4-2.el8.i686.rpm6f681d2349dc8c5736ab6d04766aa427cb34d5a32a0ee43f7182a27e52f824c3-ol8_x86_64_baseos_latest
libssh-0.9.4-2.el8.i686.rpm6f681d2349dc8c5736ab6d04766aa427cb34d5a32a0ee43f7182a27e52f824c3-ol8_x86_64_u3_baseos_base
libssh-0.9.4-2.el8.i686.rpm6f681d2349dc8c5736ab6d04766aa427cb34d5a32a0ee43f7182a27e52f824c3-ol8_x86_64_u4_baseos_base
libssh-0.9.4-2.el8.x86_64.rpma8c58ee6a0f58ddd75737b1cb69c9baa4792a4ab9929b70efc3f5f19fcd03e89-ol8_x86_64_baseos_latest
libssh-0.9.4-2.el8.x86_64.rpma8c58ee6a0f58ddd75737b1cb69c9baa4792a4ab9929b70efc3f5f19fcd03e89-ol8_x86_64_u3_baseos_base
libssh-0.9.4-2.el8.x86_64.rpma8c58ee6a0f58ddd75737b1cb69c9baa4792a4ab9929b70efc3f5f19fcd03e89-ol8_x86_64_u4_baseos_base
libssh-config-0.9.4-2.el8.noarch.rpm91a58716904059f39eb83af6d19db08a2168767475d8e6ee9f270b70ccc31df5-ol8_x86_64_baseos_latest
libssh-config-0.9.4-2.el8.noarch.rpm91a58716904059f39eb83af6d19db08a2168767475d8e6ee9f270b70ccc31df5-ol8_x86_64_u3_baseos_base
libssh-config-0.9.4-2.el8.noarch.rpm91a58716904059f39eb83af6d19db08a2168767475d8e6ee9f270b70ccc31df5-ol8_x86_64_u4_baseos_base
libssh-devel-0.9.4-2.el8.i686.rpmdaf5fdefadc61970ce1b228f2910d4250bdaedad642bdff53ac7b78b55b221b2-ol8_x86_64_appstream
libssh-devel-0.9.4-2.el8.x86_64.rpmbdd45155a5d860c4b33416257e90bd7ec645d10743fdf717ea6d2ce324c826df-ol8_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights