all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

USN-6561-1: libssh vulnerability

Add to bookmarks
Dec. 19, 2023, 1:08 p.m. |

Ubuntu security notices ubuntu.com

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue.

algorithms attack attacker communications extension extensions features intercept issue libssh marcus messages negotiation protocol ssh ssh communications truncated update usn vulnerability vulnerable

Visit resource

More from ubuntu.com / Ubuntu security notices

USN-6754-1: nghttp2 vulnerabilities 2 days, 8 hours ago | ubuntu.com
attacker cve denial of service http +10
USN-6753-1: CryptoJS vulnerability 2 days, 9 hours ago | ubuntu.com
attacker configuration cryptographic default +11
USN-6751-1: Zabbix vulnerabilities 2 days, 10 hours ago | ubuntu.com
attacker attacks cross-site cross-site scripting (xss) attacks +11
USN-6752-1: FreeRDP vulnerabilities 2 days, 16 hours ago | ubuntu.com
attacker crash denial of service issue +7
USN-6750-1: Thunderbird vulnerabilities 3 days, 3 hours ago | ubuntu.com
arbitrary code attacker browsing bypass +19
USN-6743-3: Linux kernel (Azure) vulnerabilities 3 days, 7 hours ago | ubuntu.com
attacker azure bpf compromise +16
USN-6657-2: Dnsmasq vulnerabilities 3 days, 10 hours ago | ubuntu.com
advisory attacker dnsmasq dnssec +10
USN-6749-1: FreeRDP vulnerabilities 3 days, 13 hours ago | ubuntu.com
arbitrary code attacker code context +12
USN-6748-1: Sanitize vulnerabilities 4 days, 1 hour ago | ubuntu.com
attack attacker cross-site cve +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Compliance Advisor

@ SAP | Budapest, HU, 1031
View on infosec-jobs.com

DevSecOps Engineer

@ Qube Research & Technologies | London
View on infosec-jobs.com

Software Engineer, Security

@ Render | San Francisco, CA or Remote (USA & Canada)
View on infosec-jobs.com

Associate Consultant

@ Control Risks | Frankfurt, Hessen, Germany
View on infosec-jobs.com

Senior Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com
View more jobs