CLSA-2024-1709562468

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1709562468.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2024-1709562468
Upstream
Published
2024-03-04T14:27:52Z
Modified
2026-06-04T09:46:30.208569274Z
Summary
Fix CVE(s): CVE-2023-6004, CVE-2023-6918
Details
  • SECURITY UPDATE: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
    • debian/patches/CVE-2023-6004-pre1.patch: move common parser functions to configparser.c
    • debian/patches/CVE-2023-6004-pre2.patch: prevent possible segmentation fault
    • debian/patches/CVE-2023-6004-02.patch: allow multiple '@' in usernames
    • debian/patches/CVE-2023-6004-03.patch: simplify the hostname parsing in ssh_options_set
    • debian/patches/CVE-2023-6004-04.patch: add function to check allowed characters of a hostname
    • debian/patches/CVE-2023-6004-05.patch: add test for ssh_check_hostname_syntax
    • debian/patches/CVE-2023-6004-06.patch: check for valid syntax of a hostname if it is a domain name
    • debian/patches/CVE-2023-6004-07.patch: add test for proxycommand injection
    • debian/patches/CVE-2023-6004-08.patch: add test for ssh_is_ipaddr
    • debian/patches/CVE-2023-6004-09.patch: add ipv6 link-local check for an ip address
    • debian/patches/CVE-2023-6004-10.patch: add tests for ipv6 link-local
    • debian/patches/CVE-2023-6004-regression1.patch: fix regression in IPv6 addresses in hostname parsing
    • debian/patches/CVE-2023-6004-regression2.patch: increase test coverage for IPv6 address parsing as hostnames
    • CVE-2023-6004
  • SECURITY UPDATE: Unchecked return values for digests may cause DoS
    • debian/patches/CVE-2023-6918-1.patch: systematically check return values when calculating digests
    • debian/patches/CVE-2023-6918-2.patch: detect context init failures
    • debian/patches/CVE-2023-6918-3.patch: code coverage for ssh_get_pubkey_hash()
    • CVE-2023-6918
References

Affected packages

TuxCare:Ubuntu:16.04 / libssh-4

Package

Name
libssh-4
Purl
pkg:deb/tuxcare/libssh-4?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.3-4.3ubuntu0.6+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1709562468.json"

TuxCare:Ubuntu:16.04 / libssh-dev

Package

Name
libssh-dev
Purl
pkg:deb/tuxcare/libssh-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.3-4.3ubuntu0.6+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1709562468.json"

TuxCare:Ubuntu:16.04 / libssh-doc

Package

Name
libssh-doc
Purl
pkg:deb/tuxcare/libssh-doc?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.3-4.3ubuntu0.6+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1709562468.json"

TuxCare:Ubuntu:16.04 / libssh-gcrypt-4

Package

Name
libssh-gcrypt-4
Purl
pkg:deb/tuxcare/libssh-gcrypt-4?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.3-4.3ubuntu0.6+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1709562468.json"

TuxCare:Ubuntu:16.04 / libssh-gcrypt-dev

Package

Name
libssh-gcrypt-dev
Purl
pkg:deb/tuxcare/libssh-gcrypt-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.3-4.3ubuntu0.6+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1709562468.json"