Hi all,
When will Centos release the patched version of libssh that addresses CVE-2018-10933 ?
Also , how does the versioning work , i see the rest of the world is on version libssh 0.8.4 but the Centos repo says we are on libssh2-1.4.3-10.el7 ?
Does Centos build it own version and then increment it with its own numbering system ?
Apologies if these are trivial / stupid questions.
CVE-2018-10933 libssh patch
Re: CVE-2018-10933 libssh patch
You're confusing libssh and libssh2. They are different.
We do ship libssh 0.7.1 in extras and it comes from upstream RHEL extras channel. They have https://access.redhat.com/security/cve/cve-2018-10933 which basically says "Don't panic".
We do ship libssh 0.7.1 in extras and it comes from upstream RHEL extras channel. They have https://access.redhat.com/security/cve/cve-2018-10933 which basically says "Don't panic".
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2018-10933 libssh patch
Thanks TrevorH.
I came across that just after posting the question .
Thanks for the clarification.
I came across that just after posting the question .
Thanks for the clarification.