Errata ALT-PU-2018-2504-1: Information

Package name: libssh
Version: 0.8.4-alt2
Bulletin updated: Oct. 18, 2018
Task: #215142

Fixes

Published: Oct. 17, 2018

BDU:2018-01221

Уязвимость механизма аутентификации серверной части библиотеки libssh, позволяющая нарушителю обойти процедуру аутентификации
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 17, 2018
Modified: Oct. 10, 2019

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Links:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top