You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libssh

Sigurnosni nedostatak programske biblioteke libssh

——————————————————————————–
Fedora Update Notification
FEDORA-2018-c08cd808d3
2018-10-20 23:51:16.763240
——————————————————————————–

Name : libssh
Product : Fedora 28
Version : 0.8.4
Release : 1.fc28
URL : http://www.libssh.org
Summary : A library implementing the SSH protocol
Description :
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
made by the programmer. With libssh, you can remotely execute programs, transfer
files, use a secure and transparent tunnel for your remote programs. With its
Secure FTP implementation, you can play with remote files easily, without
third-party programs others than libcrypto (from openssl).

——————————————————————————–
Update Information:

Update to version 0.8.4 to address CVE-2018-10933
——————————————————————————–
ChangeLog:

* Tue Oct 16 2018 Andreas Schneider <asn@redhat.com> – 0.8.4-1
– Update to version 0.8.4
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release
– Fixes CVE-2018-10933
* Mon Oct 1 2018 Anderson Sasaki <ansasaki@redhat.com> – 0.8.3-3
– Fixed errors found by static code analysis
* Tue Sep 25 2018 Anderson Sasaki <ansasaki@redhat.com> – 0.8.3-2
– Add missing libssh_threads.so link to libssh-devel package
* Fri Sep 21 2018 Andreas Schneider <asn@redhat.com> – 0.8.3-1
– Update to version 0.8.3
https://www.libssh.org/2018/09/21/libssh-0-8-3/
* Thu Aug 30 2018 Andreas Schneider <asn@redhat.com> – 0.8.2-1
– Update to version 0.8.2
https://www.libssh.org/2018/08/30/libssh-0-8-2
* Thu Aug 16 2018 Andreas Schneider <asn@redhat.com> – 0.8.1-4
– Fix link creation or RPM doesn’t install it
* Wed Aug 15 2018 Andreas Schneider <asn@redhat.com> – 0.8.1-3
– Add missing so version for libssh_threads.so.4
* Tue Aug 14 2018 Andreas Schneider <asn@redhat.com> – 0.8.1-2
– Add Provides for libssh_threads.so to unbreak applications
* Mon Aug 13 2018 Andreas Schneider <asn@redhat.com> – 0.8.1-1
– Update to version 0.8.1
https://www.libssh.org/2018/08/13/libssh-0-8-1
– resolves: #1615248 – pkg-config –modversion
– resolves: #1615132 – library initialization
* Fri Aug 10 2018 Andreas Schneider <asn@redhat.com> – 0.8.0-1
– Update to version 0.8.0
https://www.libssh.org/2018/08/10/libssh-0-8-0/
* Wed Mar 7 2018 Rex Dieter <rdieter@fedoraproject.org> – 0.7.5-8
– BR: gcc-c++, use %make_build
——————————————————————————–
References:

[ 1 ] Bug #1639925 – CVE-2018-10933 libssh: Authentication Bypass due to improper message callbacks implementation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1639925
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-c08cd808d3’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2018-bca1c1ab49
2018-10-21 00:22:37.574861
——————————————————————————–

Name : libssh
Product : Fedora 27
Version : 0.7.6
Release : 1.fc27
URL : http://www.libssh.org
Summary : A library implementing the SSH protocol
Description :
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
made by the programmer. With libssh, you can remotely execute programs, transfer
files, use a secure and transparent tunnel for your remote programs. With its
Secure FTP implementation, you can play with remote files easily, without
third-party programs others than libcrypto (from openssl).

——————————————————————————–
Update Information:

Update to version 0.7.6 to address CVE-2018-10933
——————————————————————————–
ChangeLog:

* Tue Oct 16 2018 Andreas Schneider <asn@redhat.com> – 0.7.6-1
– Update to version 0.7.6
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release
– Fixes CVE-2018-10933
* Thu Feb 1 2018 Andreas Schneider <asn@redhat.com> – 0.7.5-6
– resolves: #1540021 – Build against OpenSSL 1.1
* Wed Jan 31 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> – 0.7.5-5
– Switch to %ldconfig_scriptlets
* Fri Dec 29 2017 Andreas Schneider <asn@redhat.com> – 0.7.5-4
– Fix parsing ssh_config
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-bca1c1ab49’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libssh

Otkriven je sigurnosni nedostatak programske biblioteke libssh za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuju zaobilaženje sigurnosnih ograničenja. Savjetuje...

Close