Information on source package libssh

Available versions

Release            Version
buster             0.8.7-1+deb10u1
buster (security)  0.8.7-1+deb10u2
bullseye           0.9.8-0+deb11u1
bookworm           0.10.6-0+deb12u1
trixie             0.10.6-2
sid                0.10.6-2

Open issues

Bug             buster               bullseye  bookworm  trixie  sid    Description
CVE-2023-48795  vulnerable           fixed     fixed     fixed   fixed  The SSH transport protocol with certain OpenSSH extensions, found in O ...
CVE-2023-6918   vulnerable           fixed     fixed     fixed   fixed  A flaw was found in the libssh implements abstract layer for message d ...
CVE-2023-6004   vulnerable           fixed     fixed     fixed   fixed  A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump ...
CVE-2020-16135  vulnerable (no DSA)  fixed     fixed     fixed   fixed  libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...

Resolved issues

Bug             Description
CVE-2023-3603   A missing allocation check in sftp server processing read requests may ...
CVE-2023-2283   A vulnerability was found in libssh, where the authentication check of ...
CVE-2023-1667   A NULL pointer dereference was found in libssh during re-keying with a ...
CVE-2021-3634   A flaw has been found in libssh in versions prior to 0.9.6. The SSH pr ...
CVE-2020-1730   A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in t ...
CVE-2019-14889  A flaw was found with the libssh API function ssh_scp_new() in version ...
CVE-2018-10933  A vulnerability was found in libssh's server-side state machine before ...
CVE-2016-0739   libssh before 0.7.3 improperly truncates ephemeral secrets generated f ...
CVE-2015-3146   The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in ...
CVE-2014-8132   Double free vulnerability in the ssh_packet_kexinit function in kex.c ...
CVE-2014-0017   The RAND_bytes function in libssh before 0.6.3, when forking is enable ...
CVE-2013-0176   The publickey_from_privatekey function in libssh before 0.5.4, when no ...
CVE-2012-6063   Double free vulnerability in the sftp_mkdir function in sftp.c in libs ...
CVE-2012-4562   Multiple integer overflows in libssh before 0.5.3 allow remote attacke ...
CVE-2012-4561   The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from ...
CVE-2012-4560   Multiple buffer overflows in libssh before 0.5.3 allow remote attacker ...
CVE-2012-4559   Multiple double free vulnerabilities in the (1) agent_sign_data functi ...

Security announcements

DSA / DLA   Description
DSA-5591-1  libssh - security update
DLA-3437-1  libssh - security update
DSA-5409-1  libssh - security update
DSA-4965-1  libssh - security update
DLA-2303-1  libssh - security update
DLA-2038-1  libssh - security update
DLA-1548-1  libssh - security update
DSA-4322-1  libssh - security update
DSA-3488-1  libssh - security update
DLA-425-1   libssh - security update
DSA-2879-1  libssh - security update
DSA-2577-1  libssh - several
