Posted: Fri Apr 10, 2020 10:26 pm Post subject: [ GLSA 202004-08 ] libssh
Gentoo Linux Security Advisory
Title: libssh: Denial of Service (GLSA 202004-08)
A vulnerability in libssh could allow a remote attacker to cause a
Denial of Service condition.
libssh is a multiplatform C library implementing the SSHv2 protocol on
client and server side.
Vulnerable: < 0.9.4
Unaffected: >= 0.9.4
Architectures: All supported architectures
It was discovered that libssh could crash when AES-CTR ciphers are used.
A remote attacker running a malicious client or server could possibly
crash the counterpart implemented with libssh and cause a Denial of
Disable AES-CTR ciphers. If you implement a server using libssh it is
recommended to use a prefork model so each session runs in an own
All libssh users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libssh-0.9.4"
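
The affected range and the AES-CTR workaround above, as an added shell example that is not part of the advisory: one function tests a version string against the fixed version 0.9.4, the other removes AES-CTR entries from a comma-separated cipher list. The function names and the sample cipher list are constructed for illustration, and the version comparison assumes GNU sort with -V.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumes GNU coreutils (sort -V).

FIXED_VERSION="0.9.4"   # first unaffected version according to the advisory

# Constructed sample cipher list (standard SSH cipher names).
SAMPLE_CIPHERS="chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc"

# Return 0 (true) when the given libssh version is older than FIXED_VERSION.
libssh_is_vulnerable() {
    ver=${1%-r[0-9]*}                       # drop a Gentoo revision such as -r1
    [ "$ver" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]                  # older version sorts first
}

# Print the cipher list with every AES-CTR entry removed (the workaround).
strip_aes_ctr() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | grep -v -E '^aes(128|192|256)-ctr$' \
        | paste -sd ',' -
}

# Demonstration on constructed version strings.
for v in 0.9.3 0.9.3-r1 0.9.4 0.10.2; do
    if libssh_is_vulnerable "$v"; then
        echo "libssh $v: vulnerable, upgrade or disable AES-CTR"
    else
        echo "libssh $v: unaffected"
    fi
done

echo "cipher list without AES-CTR:"
strip_aes_ctr "$SAMPLE_CIPHERS"
```

The filtered list is what an application would pass to libssh as its allowed ciphers until the upgrade is in place.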