-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5591-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 28, 2023                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libssh
CVE ID         : CVE-2023-6004 CVE-2023-6918 CVE-2023-48795
Debian Bug     : 1059004 1059059 1059061

Several vulnerabilities were discovered in libssh, a tiny C SSH library.

CVE-2023-6004

    It was reported that using the ProxyCommand or the ProxyJump feature
    may allow an attacker to inject malicious code through specially
    crafted hostnames.

CVE-2023-6918

    Jack Weinstein reported that missing checks for return values for
    digests may result in denial of service (application crashes) or
    usage of uninitialized memory.

CVE-2023-48795

    Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that
    the SSH protocol is prone to a prefix truncation attack, known as
    the "Terrapin attack". This attack allows a MITM attacker to effect
    a limited break of the integrity of the early encrypted SSH
    transport protocol by sending extra messages prior to the
    commencement of encryption, and deleting an equal number of
    consecutive messages immediately after encryption starts.

    Details can be found at https://terrapin-attack.com/

For the oldstable distribution (bullseye), these problems have been fixed
in version 0.9.8-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 0.10.6-0+deb12u1.

We recommend that you upgrade your libssh packages.

For the detailed security status of libssh please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libssh

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWNhadfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TR1w/+Mmnf9FXB5B5jQrYIpKB+7ksoXkhNRs92qXbM4SoMT9y8Kps2Ao4cyY7X
8S8eyzwSF1Q847Pb2yfmjQqFwonbjca+uSsvVfITYl0lwZpvV8vIdtZNbQmFp9l9
QTohScBg2xKrOZ/G9A3dih8vWAuvRwKq+5OqRyPt5cHGLZ9isyfF0ccsRvw41lbU
Uu0sfOZetfsDIT1F2Fg3hQW4LzMA1n3yrRMQkOH9iJtdubAoyRE5MzVQktG5FpyG
zcDD824k0vqAnKeulKhb8hf0vpkW2Ji1UDh3eFqoaYRppBFpNyOKSKP1m+pab6We
aUVpIIZhFFIKovR/ZE4LSpTPb8ZLSkrpBSadtxQ1GzCq8EYTfTABVd1weaxaHhZZ
ctrbXeY6EPwc2OQOOozCbyNERve1n5YqPiMfHEheDoaOkxMMB4fiNmXvveSq/eCN
EhSzCdXCl4Z0SKk71gnXUw7G832p2He/mzkVJqZlUusCOWflrUXZa/fcEO+CQNvU
ZRieJDmcXZDBlqC7HC9Khoonth5Gbst//UPL6zOYa2auJ+ftUZLvPeSGMrKdJ//0
CNiG/pWEBggHku+wocggj9ie00hpAltuv6d3nVzLDSNntcDzZ2KpUS6f0Vo8jfm9
PvJ4ymTrCDypWOVEmCPq4h68AFwv75q56lyhvPU0UxnW5524C/U=IV9+
-----END PGP SIGNATURE-----