Sigurnosni nedostatak programske biblioteke libssh

Preporuke

by - 11. prosinca 2019.0

==========================================================================
Ubuntu Security Notice USN-4219-1
December 10, 2019

libssh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

libssh could be made to run programs under certain conditions.

Software Description:
– libssh: A tiny C SSH library

Details:

It was discovered that libssh incorrectly handled certain scp commands. If
a user or automated system were tricked into using a specially-crafted scp
command, a remote attacker could execute arbitrary commands on the server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
libssh-4 0.9.0-1ubuntu1.3

Ubuntu 19.04:
libssh-4 0.8.6-3ubuntu0.3

Ubuntu 18.04 LTS:
libssh-4 0.8.0~20170825.94fa1e38-1ubuntu0.5

Ubuntu 16.04 LTS:
libssh-4 0.6.3-4.3ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4219-1
CVE-2019-14889

Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.9.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/libssh/0.8.6-3ubuntu0.3
https://launchpad.net/ubuntu/+source/libssh/0.8.0~20170825.94fa1e38-1ubuntu0.5
https://launchpad.net/ubuntu/+source/libssh/0.6.3-4.3ubuntu0.5

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl3v57kACgkQZWnYVadE
vpOzmhAAuPnv2mUWPcX0YQtDVUHq0pQCQV6I29Rz+Jl7TdHW68HrVPh0C0aanJqt
SPzGvgrvieRSXqRZ86ht/ZjtNjljALbdxIWQEXJu2vWLAKom+4IZHzwjog2gmfF8
iB5y/XT5PTsWXJIr+QGTQCVxhLujVV4umQg/XmCuopvsNCHY0sw8DzEAopCiyY2D
yk0YYML1Vh3dTqJfzqn6W35eETLIEqRycoOZrnxWGD/qoWVcxu5ViQU1d2+tgtpW
4wtFs3nKkMB1gudI765/3kDuWMd3hZkzAhwLNXpb6tUedTiW8c5hi9Ca3GAfLo+C
uuG82MNOMGjB22MP1xtHLibUXTk3Ta9s1yJcpSZPn8S3FtXJhbXD8tFlkXZVOW8x
xoTwk4G6kP5HXAzfE5M5BaaSrN4yE0YJ74FT9aT1wsg4J+prJ7KSjJNGNjFq9UQy
K8gT7aeyjIXS9iCrPfhBwxitoAGQ6MM//4ZZfTR3MRUMqXoMGXZQZv0teHs8L85h
hej9J2E4jLfRNc0K/VPHJAeIjpFY3vqijKvyrewwff2ElAUUZtmHdRLqVwd9LNVV
aahJRo7gbCn9hEy8Auvz6bd4zYq2q8ORXDp4NeXfu4gvHJm/vxzEl6dm3/pJ6miz
nYwaGJsua9VxfXAbjUKxeQAtPjYOjHtXSZKi6m3yUoL4VDQ3eNA=
=LR3N
—–END PGP SIGNATURE—–
—

Sigurnosni nedostatak programske biblioteke libssh

Archives

More in Preporuke

Sigurnosni nedostatak programske biblioteke eglibc