libssh 0.8.4 and 0.7.6 security and bugfix release

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

踢足球的火腿肠 · 溢价10倍，这届年轻人为何愿意为“小鼻嘎”买 ...· 1 月前 ·

非常酷的啄木鸟 · 林芝市科学技术局· 2 月前 ·

多情的啄木鸟 · What to focus on when ...· 4 月前 ·

不羁的课本 · 文明时代2：新秩序安卓版下载_文明时代2：新 ...· 4 月前 ·

力能扛鼎的剪刀 · 南京高一选科12组合，物生地为什么遇冷？江苏 ...· 7 月前 ·

This is an important security and maintenance release in order to address CVE-2018-10933 .

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

The bug was discovered by Peter Winter-Smith of NCC Group.

Advisories and Download

Advisories and patches for older versions can be found here .

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our IRC channel if you have questions.

You can download libssh 0.8.4 or 0.7.6 here .

ChangeLog 0.8.4

Fixed CVE-2018-10933

Fixed building without globbing support

Fixed possible memory leaks

Avoid SIGPIPE on sockets

ChangeLog 0.7.6

Fixed CVE-2018-10933

Added support for OpenSSL 1.1

Added SHA256 support for ssh_get_publickey_hash()

Fixed config parsing

Fixed random memory corruption when importing pubkeys

推荐文章

踢足球的火腿肠 · 溢价10倍，这届年轻人为何愿意为“小鼻嘎”买单？ |【经纬低调出品】_腾讯新闻

1 月前

非常酷的啄木鸟 · 林芝市科学技术局

2 月前

多情的啄木鸟 · What to focus on when buying the LED street lights_Lighting Education_Blog_LED High Bay Lights Manuf

4 月前

不羁的课本 · 文明时代2：新秩序安卓版下载_文明时代2：新秩序BACK TO HOME下载_虫虫助手

4 月前

力能扛鼎的剪刀 · 南京高一选科12组合，物生地为什么遇冷？江苏考生绕不开了化学吧_物理_专业_高考

7 月前