JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libssh: 0.7.5 -> 0.7.6

Browse Source 
Fixes CVE-2018-10933:

libssh versions 0.6 and above have an authentication bypass
vulnerability in the server code. By presenting the server an
SSH2_MSG_USERAUTH_SUCCESS message in place of the
SSH2_MSG_USERAUTH_REQUEST message which the server would expect to
initiate authentication, the attacker could successfully authentciate
without any credentials.

Source:
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
This commit is contained in:
Linus Heckemann 2018-10-16 18:28:09 +02:00
parent e58816bcc6
commit eca462813d
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkgs/development/libraries/libssh/default.nix
View File

@ -1,11 +1,11 @@
{ stdenv, fetchurl, fetchpatch, pkgconfig, cmake, zlib, openssl, libsodium }:
stdenv.mkDerivation rec {
name = "libssh-0.7.5";
name = "libssh-0.7.6";
src = fetchurl {
url = "https://red.libssh.org/attachments/download/218/${name}.tar.xz";
sha256 = "15bh6dm9c50ndddzh3gqcgw7axp3ghrspjpkb1z3dr90vkanvs2l";
url = "https://www.libssh.org/files/0.7/libssh-0.7.6.tar.xz";
sha256 = "14hhdpn2hflywsi9d5bz2pfjxqkyi07znjij89cpakr7b4w7sq0x";
};
patches = [