CVE-2018-10933 libssh patch

Support for security such as Firewalls and securing linux
Post Reply
Fingai
Posts: 2
Joined: 2018/10/19 05:54:47

CVE-2018-10933 libssh patch

Post by Fingai » 2018/10/19 06:00:02

Hi all,
When will Centos release the patched version of libssh that addresses CVE-2018-10933 ?
Also , how does the versioning work , i see the rest of the world is on version libssh 0.8.4 but the Centos repo says we are on libssh2-1.4.3-10.el7 ?
Does Centos build it own version and then increment it with its own numbering system ?

Apologies if these are trivial / stupid questions.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2018-10933 libssh patch

Post by TrevorH » 2018/10/19 07:52:10

You're confusing libssh and libssh2. They are different.

We do ship libssh 0.7.1 in extras and it comes from upstream RHEL extras channel. They have https://access.redhat.com/security/cve/cve-2018-10933 which basically says "Don't panic".
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Fingai
Posts: 2
Joined: 2018/10/19 05:54:47

Re: CVE-2018-10933 libssh patch

Post by Fingai » 2018/10/19 08:12:50

Thanks TrevorH.
I came across that just after posting the question :D.

Thanks for the clarification.

Post Reply