Security: Two problems in libssh
Name: Two problems in libssh
ID: RHSA-2024:2504
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)
Date: Wed, 1 May 2024, 22:04
References: https://access.redhat.com/security/cve/CVE-2023-6004
https://access.redhat.com/errata/RHSA-2024:2504
https://bugzilla.redhat.com/show_bug.cgi?id=2254997
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index
https://bugzilla.redhat.com/show_bug.cgi?id=2251110
https://access.redhat.com/security/cve/CVE-2023-6918
Applications: libssh

Original message

An update for libssh is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of
Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

libssh is a library which implements the SSH protocol. It can be used to
implement client and server applications.

Security Fix(es):

* libssh: ProxyCommand/ProxyJump features allow injection of malicious code
through hostname (CVE-2023-6004)

* libssh: Missing checks for return values for digests (CVE-2023-6918)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
Linux 9.4 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-6004: Improper Neutralization of Special Elements in Output Used by a
Downstream Component ('Injection') (CWE-74)
CVE-2023-6918: Unchecked Return Value (CWE-252)