USN-6138-1: libssh vulnerabilities
5 June 2023
Several security issues were fixed in libssh.
- libssh - A tiny C SSH library
Philip Turnbull discovered that libssh incorrectly handled rekeying with
algorithm guessing. A remote attacker could use this issue to cause libssh
to crash, resulting in a denial of service, or possibly execute arbitrary
Kevin Backhouse discovered that libssh incorrectly handled verifying data
signatures. A remote attacker could possibly use this issue to bypass
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.