Summary: | <net-libs/libssh-0.8.4: Authentication bypass vulnerability in the server code (CVE-2018-10933) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vlad K. <vk-gentoo-bugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | krinpaus, leho, phmagic |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.libssh.org/security/advisories/CVE-2018-10933.txt | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
net-libs/libssh-0.8.4
|
Runtime testing required: | --- |
Description
Vlad K.
2018-10-16 15:23:49 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9446a58ef8701d59c8d267bfcd156a68de3f39b commit b9446a58ef8701d59c8d267bfcd156a68de3f39b Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-10-16 15:46:52 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-10-16 15:46:52 +0000 net-libs/libssh: 0.8.4 version bump for CVE-2018-10933 Bug: https://bugs.gentoo.org/668788 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-libs/libssh/Manifest | 1 + net-libs/libssh/libssh-0.8.4.ebuild | 111 ++++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+) Arches, please stabilise. x86 stable amd64 stable sparc stable. ppc/ppc64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd0771522a00098ae9b7cfd284478281f307d58c commit fd0771522a00098ae9b7cfd284478281f307d58c Author: Tobias Klausmann <klausman@gentoo.org> AuthorDate: 2018-10-18 11:44:03 +0000 Commit: Tobias Klausmann <klausman@gentoo.org> CommitDate: 2018-10-18 11:44:03 +0000 net-libs/libssh-0.8.4-r0: alpha stable Bug: http://bugs.gentoo.org/668788 Signed-off-by: Tobias Klausmann <klausman@gentoo.org> net-libs/libssh/libssh-0.8.4.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Stable on alpha. Please note that net-libs/libssh-0.8.4 fails with libressl, see bug #669428 Does not concern stabilisation. ia64 stable arm stable, all arches done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a06e9e74689c4f3bc82716c870d9502b1349dc71 commit a06e9e74689c4f3bc82716c870d9502b1349dc71 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-10-31 18:13:40 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-10-31 18:13:40 +0000 net-libs/libssh: Security cleanup Bug: https://bugs.gentoo.org/668788 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-libs/libssh/Manifest | 2 - net-libs/libssh/files/libssh-0.5.0-tests.patch | 11 -- .../files/libssh-0.7.5-add-macro-for-MAX.patch | 30 ---- .../libssh-0.7.5-fix-config-buffer-underflow.patch | 25 ---- .../files/libssh-0.7.5-fix-config-parsing.patch | 32 ----- .../libssh-0.7.5-fix-internal-algo-selection.patch | 156 --------------------- net-libs/libssh/libssh-0.7.4.ebuild | 100 ------------- net-libs/libssh/libssh-0.7.5-r2.ebuild | 103 -------------- net-libs/libssh/metadata.xml | 1 - 9 files changed, 460 deletions(-) KDE is done here, anyway... |