[ubuntu/mantic-updates] libssh 0.10.5-3ubuntu1.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Dec 19 14:28:30 UTC 2023


libssh (0.10.5-3ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795-1.patch: add client side mitigation.
    - debian/patches/CVE-2023-48795-2.patch: add server side mitigations.
    - debian/patches/CVE-2023-48795-3.patch: strip extensions from both kex
      lists for matching.
    - debian/patches/CVE-2023-48795-4.patch: tests: adjust calculation to
      strict kex.
    - CVE-2023-48795

Date: 2023-12-18 22:48:09.918508+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libssh/0.10.5-3ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the mantic-changes mailing list