[Debian] CVE: CVE-2023-1667/CVE-2023-2283: libssh: multiple CVEs

Bug #2020741 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

CVE-2023-1667: https://nvd.nist.gov/vuln/detail/CVE-2023-1667

CVE-2023-2283: https://nvd.nist.gov/vuln/detail/CVE-2023-2283

Base Score: High (Refer to https://www.tenable.com/plugins/nessus/176333)

Reference:

['libssh-dev_0.9.5-1+deb11u1_amd64.deb===>libssh-dev_0.9.7-0+deb11u1_amd64.deb', 'libssh-4_0.9.5-1+deb11u1_amd64.deb===>libssh-4_0.9.7-0+deb11u1_amd64.deb']

https://www.debian.org/security/2023/dsa-5409

Yue Tao (wrytao)
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.9.0 stx.security
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/884801

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/884801
Committed: https://opendev.org/starlingx/tools/commit/4ea041c729f6c5a7fa05f4b72ea4e050e9c25406
Submitter: "Zuul (22348)"
Branch: master

commit 4ea041c729f6c5a7fa05f4b72ea4e050e9c25406
Author: Haiqing Bai <email address hidden>
Date: Wed May 31 10:22:39 2023 +0800

    libssh: fix CVE-2023-1667/CVE-2023-2283

    Upgrade libssh-dev to 0.9.7-0+deb11u1
    Upgrade libssh-4 to 0.9.7-0+deb11u1

    Refer to:
    https://security-tracker.debian.org/tracker/CVE-2023-1667
    https://security-tracker.debian.org/tracker/CVE-2023-2283

    Test Plan:
    Pass: downloader -b
    Pass: build-pkgs --clean
    Pass: build-image
    Pass: Jenkins Installation
    PASS: dpkg -l | grep libssh
          ii libssh-4:amd64 0.9.7-0+deb11u1

    Closes-Bug: 2020741

    Change-Id: Ie5ec6e8cc97089e08ab25386bc4629e88ade251a
    Signed-off-by: Haiqing Bai <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
