ELSA-2023-3839 Moderate: Oracle Linux 8 libssh security update
Oracle Linux Security Advisory ELSA-2023-3839
http://linux.oracle.com/errata/ELSA-2023-3839.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libssh-0.9.6-10.el8_8.i686.rpm
libssh-0.9.6-10.el8_8.x86_64.rpm
libssh-config-0.9.6-10.el8_8.noarch.rpm
libssh-devel-0.9.6-10.el8_8.i686.rpm
libssh-devel-0.9.6-10.el8_8.x86_64.rpm
aarch64:
libssh-0.9.6-10.el8_8.aarch64.rpm
libssh-config-0.9.6-10.el8_8.noarch.rpm
libssh-devel-0.9.6-10.el8_8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libssh-0.9.6-10.el8_8.src.rpm
Related CVEs:
CVE-2023-1667
CVE-2023-2283
Description of changes:
[0.9.6-10]
- Add missing ci.fmf file
- Related: rhbz#2182251, rhbz#2189742
[0.9.6-9]
- Fix covscan errors found at gating
- Related: rhbz#2182251, rhbz#2189742
[0.9.6-8]
- Backport test fixing commits to make the build pass
- Related: rhbz#2182251, rhbz#2189742
[0.9.6-7]
- Fix NULL dereference during rekeying with algorithm guessing
GHSL-2023-032 / CVE-2023-1667
- Fix possible authentication bypass
GHSL 2023-085 / CVE-2023-2283
- Resolves: rhbz#2182251, rhbz#2189742
A libssh security update has been released for Oracle Linux 8.