DSA-5409-1

Source
https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5409-1.json
Aliases
Published
2023-05-23T00:00:00Z
Modified
2023-05-24T13:17:58.159427Z
Details

Two security issues have been discovered in libssh, a tiny C SSH library:

  • CVE-2023-1667: Philip Turnbull discovered a NULL pointer dereference which could result in denial of service.
  • CVE-2023-2283: Kevin Backhouse discovered that pki_verify_data_signature() may fail to correctly validate authentication in memory pressure situations.

For the stable distribution (bullseye), these problems have been fixed in version 0.9.7-0+deb11u1.

We recommend that you upgrade your libssh packages.

For the detailed security status of libssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libssh

References

Affected packages

Debian:11 / libssh

libssh

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
0.9.7-0+deb11u1

Affected versions

0.*

0.9.5-1
0.9.5-1+deb11u1
0.9.6-1
0.9.6-2