Launchpad CVE tracker

CVE 2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Related bugs and status

CVE-2018-10933 (Candidate) is related to these bugs:

Bug #1805348: Recent security update broke server-side keyboard-interactive authentication

		In	Importance	Status
1805348	Recent security update broke server-side keyboard-interactive authentication	libssh (Ubuntu)	Undecided	Fix Released
1805348	Recent security update broke server-side keyboard-interactive authentication	libssh (Ubuntu Cosmic)	High	Fix Released
1805348	Recent security update broke server-side keyboard-interactive authentication	libssh (Ubuntu Bionic)	High	Fix Released
1805348	Recent security update broke server-side keyboard-interactive authentication	libssh (Ubuntu Xenial)	High	Fix Released
1805348	Recent security update broke server-side keyboard-interactive authentication	libssh (Debian)	Unknown	Fix Released
1805348	Recent security update broke server-side keyboard-interactive authentication	libssh (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-10933

References