[ubuntu/jammy-security] libssh 0.9.6-2ubuntu0.22.04.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Dec 19 13:04:40 UTC 2023
libssh (0.9.6-2ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: Prefix truncation attack on BPP
- debian/patches/CVE-2023-48795-1.patch: add client side mitigation.
- debian/patches/CVE-2023-48795-2.patch: add server side mitigations.
- debian/patches/CVE-2023-48795-3.patch: strip extensions from both kex
lists for matching.
- debian/patches/CVE-2023-48795-4.patch: tests: adjust calculation to
strict kex.
- CVE-2023-48795
Date: 2023-12-18 23:11:15.110782+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libssh/0.9.6-2ubuntu0.22.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list