Oracle Linux 6277 Published by

A libssh security update has been released for Oracle Linux 8.



ELSA-2023-3839 Moderate: Oracle Linux 8 libssh security update


Oracle Linux Security Advisory ELSA-2023-3839

http://linux.oracle.com/errata/ELSA-2023-3839.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libssh-0.9.6-10.el8_8.i686.rpm
libssh-0.9.6-10.el8_8.x86_64.rpm
libssh-config-0.9.6-10.el8_8.noarch.rpm
libssh-devel-0.9.6-10.el8_8.i686.rpm
libssh-devel-0.9.6-10.el8_8.x86_64.rpm

aarch64:
libssh-0.9.6-10.el8_8.aarch64.rpm
libssh-config-0.9.6-10.el8_8.noarch.rpm
libssh-devel-0.9.6-10.el8_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libssh-0.9.6-10.el8_8.src.rpm

Related CVEs:

CVE-2023-1667
CVE-2023-2283

Description of changes:

[0.9.6-10]
- Add missing ci.fmf file
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-9]
- Fix covscan errors found at gating
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-8]
- Backport test fixing commits to make the build pass
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-7]
- Fix NULL dereference during rekeying with algorithm guessing
GHSL-2023-032 / CVE-2023-1667
- Fix possible authentication bypass
GHSL 2023-085 / CVE-2023-2283
- Resolves: rhbz#2182251, rhbz#2189742