This is an important SECURITY and maintenance release in order to address CVE-2014-8132 – Double free on dangling pointers in initial key exchange packet.
libssh versions 0.5.1 and above (up to this release) could leave dangling pointers in the session
crypto structures. Before this fix, a malicious KEXINIT packet could eventually
cause a server to perform a double free on those stale pointers.
This could be used for a Denial of Service attack.
As this was found by a libssh developer, there are no currently known exploits
for this problem (as of December 19th 2014).
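To make the bug class concrete, the following is an added illustration (not libssh's own code, and not the actual patch): a hypothetical session model where the crypto state for an in-progress key exchange is freed but the pointer is left in the session. A second KEXINIT then runs the usual "free any half-finished negotiation" step on the stale pointer. The `struct session`, `handle_kexinit` and the free-tracking allocator are all constructed for this example; the tracking allocator exists only so the double free can be counted instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-session crypto state. libssh's real structures are
 * richer; this is just enough to show the pattern. */
struct crypto_state {
    unsigned char kex_cookie[16];
};

struct session {
    struct crypto_state *next_crypto; /* state being negotiated, or NULL */
};

/* Tiny free-tracking allocator, constructed for this example. Freeing a
 * pointer twice is undefined behaviour, so instead of doing it we remember
 * which addresses are currently freed and count a repeat free. */
#define LOG_SIZE 32
static void *freed_log[LOG_SIZE];
static int freed_count;
static int double_frees;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    /* The address is live again: drop it from the freed log. */
    for (int i = 0; i < freed_count; i++)
        if (freed_log[i] == p) freed_log[i] = freed_log[--freed_count];
    return p;
}

static void tracked_free(void *p) {
    if (p == NULL) return;
    for (int i = 0; i < freed_count; i++)
        if (freed_log[i] == p) { double_frees++; return; } /* would be a double free */
    if (freed_count < LOG_SIZE) freed_log[freed_count++] = p;
    free(p);
}

/* Vulnerable pattern: the state is released but the session keeps the
 * stale pointer, so any later "free if present" check acts on it again. */
static void release_next_crypto_vuln(struct session *s) {
    tracked_free(s->next_crypto);
    /* s->next_crypto now dangles */
}

/* Fixed pattern: ownership is cleared in the same place the memory is freed. */
static void release_next_crypto_fixed(struct session *s) {
    tracked_free(s->next_crypto);
    s->next_crypto = NULL;
}

/* Incoming KEXINIT: discard any half-finished negotiation, start a fresh one. */
static int handle_kexinit(struct session *s, const unsigned char cookie[16]) {
    if (s->next_crypto != NULL) {
        tracked_free(s->next_crypto);   /* second free if the pointer was stale */
    }
    s->next_crypto = tracked_malloc(sizeof *s->next_crypto);
    if (s->next_crypto == NULL) return -1;
    memcpy(s->next_crypto->kex_cookie, cookie, 16);
    return 0;
}

/* Drive a server session through KEXINIT, teardown of that negotiation,
 * then a second (attacker-sent) KEXINIT. Returns the number of double
 * frees the tracking allocator observed: 1 for the vulnerable release
 * path, 0 for the fixed one. */
static int run_scenario(int fixed) {
    struct session s = { NULL };
    unsigned char cookie1[16] = { 0 };
    unsigned char cookie2[16] = { 1 }; /* constructed second KEXINIT */
    int observed;

    double_frees = 0;
    freed_count = 0;

    handle_kexinit(&s, cookie1);
    if (fixed) release_next_crypto_fixed(&s);
    else       release_next_crypto_vuln(&s);
    handle_kexinit(&s, cookie2);        /* the malicious follow-up packet */

    observed = double_frees;
    release_next_crypto_fixed(&s);      /* tidy up the live allocation */
    return observed;
}

int main(void) {
    printf("vulnerable: %d double free(s)\n", run_scenario(0));
    printf("fixed:      %d double free(s)\n", run_scenario(1));
    return 0;
}
```

The point to take from the example is the second handler call: a "free if non-NULL" guard is only as good as the invariant that freed pointers are set to NULL, which is exactly what a dangling pointer breaks.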
If you are new to libssh, read the Tutorial to learn how to get started. Please join our mailing list or visit our IRC channel if you have questions.
You can download libssh 0.6.4 here.
ChangeLog
- Fixed CVE-2014-8132.
- Added SHA-2 for session ID signing with ECDSA keys.
- Added support for ECDSA host keys.
- Added support for more ECDSA hostkey algorithms.
- Added ssh_pki_key_ecdsa_name() API.
- Fixed setting the bindfd only after successful listen.
- Fixed issues with user created sockets.
- Fixed several issues in libssh C++ wrapper.
- Fixed several documentation issues.
- Fixed channel exit-signal request.
- Fixed X11 request screen number in messages.
- Fixed several memory leaks.