-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.3069
                          libssh security update
                                30 May 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libssh
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-1667 CVE-2019-14889 

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html

Comment: CVSS (Max):  8.8 CVE-2019-14889 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: [NVD], Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3437-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
May 29, 2023                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libssh
Version        : 0.8.7-1+deb10u2
CVE ID         : CVE-2019-14889 CVE-2023-1667
Debian Bug     : 946548 1035832

Two security issues have been discovered in libssh, a tiny C SSH
library, which may allow a remote authenticated user to cause a denial
of service or inject arbitrary commands.

CVE-2019-14889

    A flaw was found with the libssh API function ssh_scp_new() in
    versions before 0.9.3 and before 0.8.8. When the libssh SCP client
    connects to a server, the scp command, which includes a
    user-provided path, is executed on the server-side. In case the
    library is used in a way where users can influence the third
    parameter of the function, it would become possible for an attacker
    to inject arbitrary commands, leading to a compromise of the remote
    target.
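
    The following is an added example, not code from the Debian advisory
    or from libssh itself. It shows the kind of input check an
    application that embeds an unpatched libssh (before 0.8.8 / 0.9.3)
    must apply before handing a user-influenced path to ssh_scp_new()
    as its third argument (the remote location), since that string is
    interpolated into the scp command run on the server. The allowlist
    policy, the function name scp_location_is_safe() and the sample
    inputs are all assumptions of this example; only the
    ssh_scp_new(session, mode, location) signature is libssh's own.

```c
/* Added example: allowlist check for the `location` argument of
 * libssh's ssh_scp_new(ssh_session session, int mode, const char *location).
 * Policy (assumed for this example): accept only a conservative character
 * set that carries no meaning to a POSIX shell, reject empty or oversized
 * strings, a leading '-' (would parse as an scp option), and any ".."
 * path component. Upgrading libssh remains the actual fix; this check
 * limits exposure for callers that cannot upgrade immediately. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Letters, digits, and a small set of shell-neutral punctuation. */
static bool scp_location_char_ok(unsigned char c)
{
    if (isalnum(c))
        return true;
    return strchr("/._-+", (int)c) != NULL;
}

/* Return true if `location` may be passed to ssh_scp_new(). */
bool scp_location_is_safe(const char *location)
{
    if (location == NULL)
        return false;

    size_t n = strlen(location);
    if (n == 0 || n > 4096)
        return false;
    if (location[0] == '-')          /* looks like an scp command-line option */
        return false;

    for (size_t i = 0; i < n; i++) {
        if (!scp_location_char_ok((unsigned char)location[i]))
            return false;            /* space, ';', '$', '`', quotes, ... */
    }

    /* Reject ".." components so the transfer stays inside the intended tree. */
    const char *p = location;
    for (;;) {
        const char *seg_end = strchr(p, '/');
        size_t seg_len = seg_end ? (size_t)(seg_end - p) : strlen(p);
        if (seg_len == 2 && p[0] == '.' && p[1] == '.')
            return false;
        if (seg_end == NULL)
            break;
        p = seg_end + 1;
    }
    return true;
}

int main(void)
{
    /* Constructed sample inputs for this example. */
    const char *samples[] = {
        "backups/db-2023-05-30.tar.gz", /* accepted */
        "report.txt;id",                /* rejected: shell separator */
        "$(hostname)",                  /* rejected: command substitution */
        "../etc/passwd",                /* rejected: parent traversal */
        "-r",                           /* rejected: leading option dash */
        "",                             /* rejected: empty */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-32s -> %s\n", samples[i],
               scp_location_is_safe(samples[i]) ? "ok, pass to ssh_scp_new()"
                                                : "rejected");
    }
    return 0;
}
```

    In a real caller the accepted string is the only one that reaches
    `ssh_scp_new(session, SSH_SCP_WRITE, location)`; a rejected one is
    logged and the transfer refused. The allowlist is deliberately
    narrow: widening it to characters such as spaces or quotes would
    reintroduce exactly the injection surface the advisory describes.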

CVE-2023-1667

    A NULL pointer dereference was found in libssh during re-keying with
    algorithm guessing. This issue may allow an authenticated client to
    cause a denial of service.

For Debian 10 buster, these problems have been fixed in version
0.8.7-1+deb10u2.

We recommend that you upgrade your libssh packages.

For the detailed security status of libssh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libssh

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----