Jakub Jelen

libssh 0.10.5 and libssh 0.9.7 security releases

This is a security release of libssh to address the following security issues:

  • CVE-2023-1667 (moderate impact), a NULL dereference during rekeying with algorithm guessing. For forking servers, this should affect only the process handling the client requests. More details can be found in the advisory.
  • CVE-2023-2283 (moderate impact), a possible authorization bypass in pki_verify_data_signature under low-memory conditions. More details can be found in the advisory.
  • Possible memory leaks in GSSAPI authentication code

In addition, the 0.10 version contains several bugfixes and backports. For the full list, see the changelog below.

If you are new to libssh, you should read our tutorial on how to get started. Please join our mailing list or visit our IRC or Matrix channels if you have questions.

You can download libssh here.

ChangeLog for libssh 0.10.5

  • Fixed CVE-2023-1667 (Fix NULL dereference during rekeying with algorithm guessing)
  • Fixed CVE-2023-2283 (Possible authorization bypass in pki_verify_data_signature)
  • Fix several memory leaks in GSSAPI handling code
  • Escape braces in ProxyCommand created from ProxyJump options for zsh
    compatibility.
  • Fix pkg-config path relocation for MinGW
  • Improve doxygen documentation
  • Fix build with cygwin due to the glob support
  • Do not enqueue outgoing packets after sending SSH2_MSG_NEWKEYS
  • Add support for SSH_SUPPRESS_DEPRECATED
  • Avoid function declarations without prototype to build with clang 15
  • Fix spelling issues
  • Avoid expanding KnownHosts, ProxyCommands and IdentityFiles repetitively
  • Add support for sk-* keys through configuration
  • Improve checking for Argp library
  • Log information about received extensions
  • Correctly handle rekey with delayed compression
  • Move the EC keys handling to OpenSSL 3.0 API
  • Record peer disconnect message
  • Avoid deadlock when write buffering occurs and we call poll recursively to
    flush the output buffer
  • Disable preauthentication compression by default
  • Add CentOS 8 Stream / OpenSSL 1.1.1 to CI
  • Add accidentally removed default compile flags
  • Solve incorrect parsing of ProxyCommand option

ChangeLog for libssh 0.9.7

  • Fixed CVE-2023-1667 (Fix NULL dereference during rekeying with algorithm guessing)
  • Fixed CVE-2023-2283 (Possible authorization bypass in pki_verify_data_signature)
  • Fix several memory leaks in GSSAPI handling code
  • Build and test related backports