This is a security release of libssh to address CVE-2020-1730 (moderate impact), a possible Denial of Service (DoS) in client and server when handling AES-CTR keys with OpenSSL. A workaround exists. More details can be found in the advisory.
In addition, the 0.9 version fixes several memory leaks and adds support for the diffie-hellman-group14-sha256 key exchange.
If you are new to libssh, you should read our tutorial on how to get started. Please join our mailing list or visit our IRC channel if you have questions.
You can download libssh here.
ChangeLog for libssh 0.9.4
- Fixed CVE-2020-1730 (Possible DoS in client and server when handling AES-CTR keys with OpenSSL)
- Added diffie-hellman-group14-sha256
- Fixed several possible memory leaks
ChangeLog for libssh 0.8.9
- Fixed CVE-2020-1730 (Possible DoS in client and server when handling AES-CTR keys with OpenSSL)