You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libssh

Sigurnosni nedostatak programske biblioteke libssh

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4219-1
December 10, 2019

libssh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

libssh could be made to run programs under certain conditions.

Software Description:
– libssh: A tiny C SSH library

Details:

It was discovered that libssh incorrectly handled certain scp commands. If
a user or automated system were tricked into using a specially-crafted scp
command, a remote attacker could execute arbitrary commands on the server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
libssh-4 0.9.0-1ubuntu1.3

Ubuntu 19.04:
libssh-4 0.8.6-3ubuntu0.3

Ubuntu 18.04 LTS:
libssh-4 0.8.0~20170825.94fa1e38-1ubuntu0.5

Ubuntu 16.04 LTS:
libssh-4 0.6.3-4.3ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4219-1
CVE-2019-14889

Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.9.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/libssh/0.8.6-3ubuntu0.3
https://launchpad.net/ubuntu/+source/libssh/0.8.0~20170825.94fa1e38-1ubuntu0.5
https://launchpad.net/ubuntu/+source/libssh/0.6.3-4.3ubuntu0.5

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl3v57kACgkQZWnYVadE
vpOzmhAAuPnv2mUWPcX0YQtDVUHq0pQCQV6I29Rz+Jl7TdHW68HrVPh0C0aanJqt
SPzGvgrvieRSXqRZ86ht/ZjtNjljALbdxIWQEXJu2vWLAKom+4IZHzwjog2gmfF8
iB5y/XT5PTsWXJIr+QGTQCVxhLujVV4umQg/XmCuopvsNCHY0sw8DzEAopCiyY2D
yk0YYML1Vh3dTqJfzqn6W35eETLIEqRycoOZrnxWGD/qoWVcxu5ViQU1d2+tgtpW
4wtFs3nKkMB1gudI765/3kDuWMd3hZkzAhwLNXpb6tUedTiW8c5hi9Ca3GAfLo+C
uuG82MNOMGjB22MP1xtHLibUXTk3Ta9s1yJcpSZPn8S3FtXJhbXD8tFlkXZVOW8x
xoTwk4G6kP5HXAzfE5M5BaaSrN4yE0YJ74FT9aT1wsg4J+prJ7KSjJNGNjFq9UQy
K8gT7aeyjIXS9iCrPfhBwxitoAGQ6MM//4ZZfTR3MRUMqXoMGXZQZv0teHs8L85h
hej9J2E4jLfRNc0K/VPHJAeIjpFY3vqijKvyrewwff2ElAUUZtmHdRLqVwd9LNVV
aahJRo7gbCn9hEy8Auvz6bd4zYq2q8ORXDp4NeXfu4gvHJm/vxzEl6dm3/pJ6miz
nYwaGJsua9VxfXAbjUKxeQAtPjYOjHtXSZKi6m3yUoL4VDQ3eNA=
=LR3N
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2019-12-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke eglibc

Otkriven je sigurnosni nedostatak programske biblioteke eglibc za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje...

Close