You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa libssh

Sigurnosni nedostatak programskog paketa libssh

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-06-30 17:57:48

Name : libssh
Product : Fedora 22
Version : 0.7.1
Release : 1.fc22
Summary : A library implementing the SSH protocol
Description :
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
made by the programmer. With libssh, you can remotely execute programs, transfer
files, use a secure and transparent tunnel for your remote programs. With its
Secure FTP implementation, you can play with remote files easily, without
third-party programs others than libcrypto (from openssl).

Update Information:

Update to version 0.7.1
Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310)

Update to version 0.7.0
Security fix for CVE-2015-3146

* Tue Jun 30 2015 Andreas Schneider <> – 0.7.1-1
– Update to version 0.7.1
* Fixed SSH_AUTH_PARTIAL auth with auto public key
* Fixed memory leak in session options
* Fixed allocation of ed25519 public keys
* Fixed channel exit-status and exit-signal
* Reintroduce ssh_forward_listen()
– resolves: #1223964 – Fix channel exit status.
* Thu May 21 2015 Orion Poplawski <> – 0.7.0-2
– Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310)
* Mon May 11 2015 Andreas Schneider <> – 0.7.0-1
– Update to version 0.7.0
* Added support for ed25519 keys
* Added SHA2 algorithms for HMAC
* Added improved and more secure buffer handling code
* Added callback for auth_none_function
* Added support for ECDSA private key signing
* Added more tests
* Fixed a lot of bugs
* Improved API documentation
* Thu Apr 30 2015 Andreas Schneider <> – 0.6.5-1
– resolves: #1213775 – Security fix for CVE-2015-3146
– resolves: #1218076 – Security fix for CVE-2015-3146

[ 1 ] Bug #1213775 – CVE-2015-3146 libssh: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets

This update can be installed with the “yum” update program. Use
su -c ‘yum update libssh’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarijo Plepelic
Cert idNCERT-REF-2015-07-0045-ADV
More in Preporuke
Ranjivost u VBScript mehanizmu

Microsoft je izdao zakrpu za otklanjanje kritične ranjivosti u VBScript mehanizmu za operacijske sustave Windows Vista, Windows Server 2003 i...