Ubuntu Security Notice USN-6371-1

Ubuntu Security Notice 6371-1 - It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-6371-1
September 14, 2023

libssh2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

libssh2 could be made to crash if it received specially
crafted network traffic.

Software Description:

  • libssh2: Client-side C library implementing the SSH2 protocol

Details:

It was discovered that libssh2 incorrectly handled memory
access. An attacker could possibly use this issue to cause
a crash.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libssh2-1 1.8.0-2.1ubuntu0.1

Ubuntu 18.04 LTS:
libssh2-1 1.8.0-1ubuntu0.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libssh2-1 1.5.0-2ubuntu0.1+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
libssh2-1 1.4.3-2ubuntu0.2+esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6371-1
CVE-2020-22218

Package Information:
https://launchpad.net/ubuntu/+source/libssh2/1.8.0-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libssh2/1.8.0-1ubuntu0.1

Related news

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manager, versions prior to 9.2.4.x, contains an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

CVE-2023-43057: Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.

Red Hat Security Advisory 2023-5615-01

Red Hat Security Advisory 2023-5615-01 - The libssh2 packages provide a library that implements the SSH2 protocol.

RHSA-2023:5615: Red Hat Security Advisory: libssh2 security update

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-22218: A flaw was found in the libssh2 library. An out-of-bounds access issue can occur due to an improper initialization of a variable, resulting in a crash in the application linked to the library.

CVE-2020-22218: fix use-of-uninitialized-value by ltx2018 · Pull Request #476 · libssh2/libssh2

An issue discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out-of-bounds memory.
