Source: libssh
Version: 0.10.5-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libssh.

CVE-2023-6918[0]:
| A flaw was found in the libssh implements abstract layer for message
| digest (MD) operations implemented by different supported crypto
| backends. The return values from these were not properly checked,
| which could cause low-memory situations failures, NULL dereferences,
| crashes, or usage of the uninitialized memory as an input for the
| KDF. In this case, non-matching keys will result in
| decryption/integrity failures, terminating the connection.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-6918
    https://www.cve.org/CVERecord?id=CVE-2023-6918

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
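
The bug class named in the CVE description, as an added example that is not part of the original report and is not libssh code: a digest layer whose calls can fail, used once with return values ignored and once with them checked. All names (md_init, md_update, md_final, derive_key_*, fail_next) are hypothetical, and a toy FNV-1a hash stands in for a real message digest.

```c
#include <stdint.h>
#include <string.h>

#define MD_OK 0
#define MD_ERR (-1)
#define DIGEST_LEN 8

/* Hypothetical digest backend (assumption, not libssh's API).
 * fail_next simulates a low-memory failure inside the crypto backend. */
static int fail_next = 0;
typedef struct { uint64_t state; } md_ctx;

static int md_init(md_ctx *c) {
    if (fail_next) return MD_ERR;            /* e.g. context allocation failed */
    c->state = 0xcbf29ce484222325ULL;        /* FNV-1a offset basis (toy digest) */
    return MD_OK;
}
static int md_update(md_ctx *c, const void *p, size_t n) {
    const uint8_t *b = p;
    if (fail_next) return MD_ERR;
    for (size_t i = 0; i < n; i++) { c->state ^= b[i]; c->state *= 0x100000001b3ULL; }
    return MD_OK;
}
static int md_final(md_ctx *c, uint8_t out[DIGEST_LEN]) {
    if (fail_next) return MD_ERR;            /* out is left untouched on failure */
    for (int i = 0; i < DIGEST_LEN; i++) out[i] = (uint8_t)(c->state >> (8 * i));
    return MD_OK;
}

/* Flawed pattern: return values ignored, so on failure `key` keeps whatever
 * bytes it held before, and the caller still treats it as derived key material. */
static int derive_key_unchecked(const char *secret, uint8_t key[DIGEST_LEN]) {
    md_ctx c = {0};
    md_init(&c);
    md_update(&c, secret, strlen(secret));
    md_final(&c, key);
    return MD_OK;
}

/* Checked pattern: any failing step aborts the derivation and clears the output. */
static int derive_key_checked(const char *secret, uint8_t key[DIGEST_LEN]) {
    md_ctx c = {0};
    if (md_init(&c) != MD_OK ||
        md_update(&c, secret, strlen(secret)) != MD_OK ||
        md_final(&c, key) != MD_OK) {
        memset(key, 0, DIGEST_LEN);          /* never hand back stale bytes */
        return MD_ERR;
    }
    return MD_OK;
}
```

With fail_next set, the unchecked variant reports success while the key buffer still holds its previous contents, which is how two peers end up with non-matching keys; the checked variant returns an error the caller can act on before any key is used.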