ELSA-2020-4545

ELSA-2020-4545 - libssh security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2020-11-10

Description


[0.9.4-2]
- Do not return error when server properly closed the channel (#1849071)
- Add a test for CVE-2019-14889
- Do not parse configuration file in torture_knownhosts test

[0.9.4-1]
- Update to version 0.9.4
https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
- Fixed CVE-2019-14889 (#1781782)
- Fixed CVE-2020-1730 (#1802422)
- Create missing directories in the path provided for known_hosts files (#1733914)
- Removed inclusion of OpenSSH server configuration file from
libssh_server.config (#1821339)


Related CVEs


CVE-2020-1730
CVE-2019-14889

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) libssh-0.9.4-2.el8.src.rpm23466184aa9ec700ef52767e03cf8fef-
libssh-0.9.4-2.el8.aarch64.rpm0cb8bea2220720a13d702c851479743e-
libssh-config-0.9.4-2.el8.noarch.rpmd2c1e23e628f6419c6824fbebd0abcc4-
libssh-devel-0.9.4-2.el8.aarch64.rpm98208bf1e6cd20d37e74cbbd0d6d10f9-
Oracle Linux 8 (x86_64) libssh-0.9.4-2.el8.src.rpm23466184aa9ec700ef52767e03cf8fef-
libssh-0.9.4-2.el8.i686.rpmbfae4ba7a95f0394ecd7e15ee48360df-
libssh-0.9.4-2.el8.x86_64.rpmc99c9a72047fdb8a3cb532dbd524b4cc-
libssh-config-0.9.4-2.el8.noarch.rpmd2c1e23e628f6419c6824fbebd0abcc4-
libssh-devel-0.9.4-2.el8.i686.rpmc375115baa747a15f44144f63207e0a4-
libssh-devel-0.9.4-2.el8.x86_64.rpm7e3877e6b05a72b63b956c3ad68faf4d-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete