SUSE-SU-2024:0140-1 -- SLES libssh
ID: oval:org.secpod.oval:def:89051386 | Date: (C)2024-01-23 (M)2024-04-29 |
Class: PATCH | Family: unix |
This update for libssh fixes the following issues:

Security fixes:
* CVE-2023-6004: Fixed command injection using proxycommand
* CVE-2023-48795: Fixed potential downgrade attack using strict kex
* CVE-2023-6918: Fixed missing checks for return values of MD functions
* CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing
* CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions

Other fixes:
* Update to version 0.9.8
* Allow @ in usernames when parsing from URI composes
* Update to version 0.9.7
* Fix several memory leaks in GSSAPI handling code
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Desktop 15 SP5 |
SUSE Linux Enterprise Server 15 SP4 |
SUSE Linux Enterprise Server 15 SP5 |