Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.32066
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.32066
<patchinfo incident="32066"> <issue tracker="cve" id="2023-1667"/> <issue tracker="cve" id="2023-6918"/> <issue tracker="cve" id="2023-48795"/> <issue tracker="cve" id="2023-2283"/> <issue tracker="cve" id="2023-6004"/> <issue tracker="bnc" id="1211190">VUL-0: CVE-2023-2283: libssh: authorization bypass in pki_verify_data_signature</issue> <issue tracker="bnc" id="1218126">VUL-0: CVE-2023-48795: libssh: prefix truncation breaking ssh channel integrity</issue> <issue tracker="bnc" id="1218186">VUL-0: CVE-2023-6918: libssh: Missing checks for return values for digests</issue> <issue tracker="bnc" id="1218209">VUL-0: CVE-2023-6004: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname</issue> <issue tracker="bnc" id="1211188">VUL-0: CVE-2023-1667: libssh: NULL pointer dereference during rekeying with algorithm guessing</issue> <packager>wfrisch</packager> <rating>important</rating> <category>security</category> <summary>Security update for libssh</summary> <description>This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor