import UBI libssh-0.9.6-14.el8

This commit is contained in:
eabdullin 2024-05-22 13:26:38 +00:00
parent 6bb9b33bb6
commit 692aad0458
3 changed files with 2703 additions and 5 deletions

1114
SOURCES/CVE-2023-6004.patch Normal file

File diff suppressed because it is too large Load Diff

1577
SOURCES/CVE-2023-6918.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,6 @@
Name: libssh Name: libssh
Version: 0.9.6 Version: 0.9.6
Release: 13%{?dist} Release: 14%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
@ -18,6 +18,8 @@ Patch3: auth_bypass.patch
Patch4: fix_tests.patch Patch4: fix_tests.patch
Patch5: covscan23.patch Patch5: covscan23.patch
Patch6: CVE-2023-48795.patch Patch6: CVE-2023-48795.patch
Patch7: CVE-2023-6004.patch
Patch8: CVE-2023-6918.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: doxygen BuildRequires: doxygen
@ -146,10 +148,15 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog %changelog
* Wed Jan 24 2024 Sahana Prasad <sahana@redhat.com> - 0.9.6-13 * Mon Feb 26 2024 Sahana Prasad <sahana@redhat.com> - 0.9.6-14
- Fix CVE-2023-48795: Prefix truncation attack - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
on Binary Packet Protocol (BPP) - Fix CVE-2023-6918 Missing checks for return values for digests
- Resolves: RHEL-19311 - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection
of malicious code through hostname
- Note: version is bumped from 12 to 14 directly, as the z-stream
version in 8.9 also has 13. So bumping it to 14, will prevent
upgrade conflicts.
- Resolves:RHEL-19690, RHEL-17244, RHEL-19312
* Mon May 15 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-12 * Mon May 15 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-12
- Fix loglevel regression - Fix loglevel regression