Ubuntu Security Notice 4327-1 - Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.
0c37dd2df5471e0ca6e662779d85139029735c0748c711b4b5e1dbe8a5484aa9
==========================================================================
Ubuntu Security Notice USN-4327-1
April 09, 2020
libssh vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
libssh could be made to crash if it received specially crafted network
traffic.
Software Description:
- libssh: A tiny C SSH library
Details:
Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A
remote attacker could possibly use this issue to cause libssh to crash,
resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
libssh-4 0.9.0-1ubuntu1.4
Ubuntu 18.04 LTS:
libssh-4 0.8.0~20170825.94fa1e38-1ubuntu0.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4327-1
CVE-2020-1730
Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.9.0-1ubuntu1.4
https://launchpad.net/ubuntu/+source/libssh/0.8.0~20170825.94fa1e38-1ubuntu0.6