[go-nuts] [security] Vulnerability in golang.org/x/crypto/ssh

2023-12-18 Thread Roland Shoemaker
Hello gophers, Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately

[go-nuts] [security] Vulnerability in golang.org/x/crypto/ssh

2021-12-02 Thread Roland Shoemaker
Hello gophers, Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. This issue was discovered and reported by Rod Hynes, Psiphon Inc., and is tracked as

[go-nuts] [security] Vulnerability in golang.org/x/crypto/ssh

2020-12-16 Thread Roland Shoemaker
Hello gophers, Version v0.0.0-20201216223049-8b5274cf687f of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed clients to cause a panic in SSH servers. An attacker can craft an authentication request message for the “gssapi-with-mic” method which will

Re: [go-nuts] [security] Vulnerability in golang.org/x/crypto/ssh

2020-02-22 Thread Manlio Perillo
On Saturday, February 22, 2020 at 9:36:30 AM UTC+1, Jakob Borg wrote:
> On 20 Feb 2020, at 19:40, Filippo Valsorda wrote:
> > Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a vulnerability
>
> Am I the only one to think that this kind of versioning is not ideal

Re: [go-nuts] [security] Vulnerability in golang.org/x/crypto/ssh

2020-02-22 Thread Jakob Borg
On 20 Feb 2020, at 19:40, Filippo Valsorda <fili...@golang.org> wrote:
> Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a vulnerability
Am I the only one to think that this kind of versioning is not ideal for a module that's important (

[go-nuts] [security] Vulnerability in golang.org/x/crypto/ssh

2020-02-20 Thread Filippo Valsorda
Hello gophers, Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed peers to cause a panic in SSH servers that accept public keys and in any SSH client. An attacker can craft an ssh-ed25519 or sk-ssh-ed25...@o