English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.9.2025.9797978499710174
Categoría:Fedora Local Security Checks
Título:Fedora: Security Advisory (FEDORA-2025-aaa849ae74)
Resumen:The remote host is missing an update for the 'libssh2' package(s) announced via the FEDORA-2025-aaa849ae74 advisory.
Descripción:Summary:
The remote host is missing an update for the 'libssh2' package(s) announced via the FEDORA-2025-aaa849ae74 advisory.

Vulnerability Insight:
This update, to the current upstream libssh2 release, addresses a couple of security issues:

* CVE-2023-6918 (missing checks for return values for digests)
* CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - 'Terrapin')

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the `RELEASE_NOTES` file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the `RELEASE_NOTES` file.

Affected Software/OS:
'libssh2' package(s) on Fedora 40.

Solution:
Please install the updated package(s).

CVSS Score:
5.4

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-48795
Debian Security Information: DSA-5586 (Google Search)
https://www.debian.org/security/2023/dsa-5586
Debian Security Information: DSA-5588 (Google Search)
https://www.debian.org/security/2023/dsa-5588
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
http://seclists.org/fulldisclosure/2024/Mar/21
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://gitlab.com/libssh/libssh-mirror/-/tags
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://oryx-embedded.com/download/#changelog
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
Common Vulnerability Exposure (CVE) ID: CVE-2023-6918
RHBZ#2254997
https://bugzilla.redhat.com/show_bug.cgi?id=2254997
RHSA-2024:2504
https://access.redhat.com/errata/RHSA-2024:2504
RHSA-2024:3233
https://access.redhat.com/errata/RHSA-2024:3233
https://access.redhat.com/security/cve/CVE-2023-6918
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
https://www.libssh.org/security/advisories/CVE-2023-6918.txt
CopyrightCopyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.