From https://www.libssh.org/2023/05/04/libssh-0-10-5-and-libssh-0-9-7-security-releases/

"""
This is a security release of libssh to address the following security issues:

- CVE-2023-1667 (moderate impact), a NULL dereference during rekeying with algorithm guessing. For forking servers, this should affect only the process handling the client requests. More details can be found in the advisory. (http://www.libssh.org/security/advisories/CVE-2023-1667.txt)
- CVE-2023-2283 (moderate impact), a possible authorization bypass in pki_verify_data_signature under low-memory conditions. More details can be found in the advisory. (http://www.libssh.org/security/advisories/CVE-2023-2283.txt)
- Possible memory leaks in GSSAPI authentication code
"""

Advisory 1: http://www.libssh.org/security/advisories/CVE-2023-1667.txt
Advisory 2: http://www.libssh.org/security/advisories/CVE-2023-2283.txt
Fixed in 0.10.5.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee48485691557df690fffa102ba9fc3f2cae7d8c

commit ee48485691557df690fffa102ba9fc3f2cae7d8c
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-05-09 13:40:49 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-05-09 14:23:17 +0000

    net-libs/libssh: add 0.10.5

    Bug: https://bugs.gentoo.org/905746
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 net-libs/libssh/Manifest             |   1 +
 net-libs/libssh/libssh-0.10.5.ebuild | 135 +++++++++++++++++++++++++++++++++++
 2 files changed, 136 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3e5dca64033d3ead2636372fb466ad389809b60

commit f3e5dca64033d3ead2636372fb466ad389809b60
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-05-13 16:25:03 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-05-13 16:55:12 +0000

    net-libs/libssh: drop 0.10.4

    Bug: https://bugs.gentoo.org/905746
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 net-libs/libssh/Manifest             |   1 -
 net-libs/libssh/libssh-0.10.4.ebuild | 135 -----------------------------------
 2 files changed, 136 deletions(-)
job done, kde proj out.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=174be492d35afaa268c5b3dc28edc79fee8cacf4

commit 174be492d35afaa268c5b3dc28edc79fee8cacf4
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 09:05:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 09:06:04 +0000

    [ GLSA 202312-05 ] libssh: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/810517
    Bug: https://bugs.gentoo.org/905746
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-05.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)