it.ucsf.edu

Security Update: NIST has published a CRITICAL CVE to announce a vulnerability in the libssh library that impacts multiple products across various vendors

Status Type

Security Update

Date and Time

Wednesday, October 24, 2018 - 13:46

Reason

Security update

Impact

libssh library users

WHAT HAPPENED

NIST has published CVE-2018-10933 to announce a CRITICAL vulnerability in the libssh library that impacts multiple products across various vendors, including Cisco, F5, Red Hat, Ubuntu, and Debian.

 

Advanced Users: For a complete description of the vulnerabilities and affected systems, visit:

 

AFFECTED SYSTEMS:

Please note that this is not an all-inclusive list of impacted systems. Contact your vendor(s) to determine if this vulnerability affects your system(s) and to obtain updated versions of products.

 

WHAT’S THE PROBLEM?

A remote attacker could exploit this vulnerability to gain unauthenticated access to vulnerable servers.

 

WHAT DO I NEED TO DO?

Consult vendor support resources to determine if a vulnerable version of libssh is used in systems that you are responsible for or manage. If you have a system which is vulnerable, update the system to a non-vulnerable version.

If you use the libssh library in a service or application that you support or maintain, verify the version of libssh in use. If necessary, update your service or application to use libssh versions 0.7.6, 0.8.4, or later.
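The version check described above, as an added example (not part of the original advisory): it compares a libssh version string against the fixed releases the advisory names. The function names are hypothetical, and the package names `libssh-4` (Debian/Ubuntu) and `libssh` (RPM) are assumptions about your system. Distribution packages can carry a backported fix under an older upstream number, so an `update` result for a packaged version means confirm with the vendor's advisory.

```shell
#!/bin/sh
# Added example: check a libssh version against the fixed releases
# named in the advisory (0.7.6, 0.8.4, or later).

# Print the libssh version known to pkg-config, dpkg or rpm (first that answers).
libssh_installed_version() {
    v=$(pkg-config --modversion libssh 2>/dev/null) && { echo "$v"; return 0; }
    v=$(dpkg-query -W -f='${Version}' libssh-4 2>/dev/null) && { echo "$v"; return 0; }
    v=$(rpm -q --qf '%{VERSION}' libssh 2>/dev/null) && { echo "$v"; return 0; }
    return 1
}

# Print "ok", "update" or "unknown" for a version string such as
# "0.8.3", "0.8.1-1ubuntu0.3" or "1:0.7.5-2".
libssh_status() {
    v=${1#*:}         # drop a packaging epoch ("1:")
    v=${v%%[-+~]*}    # drop the packaging suffix ("-1ubuntu0.3")
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    major=$1 minor=$2 patch=${3:-0}
    for part in "$major" "$minor" "$patch"; do
        case $part in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    if [ "$major" -gt 0 ] || [ "$minor" -gt 8 ]; then
        echo ok        # later than the 0.8 series
    elif [ "$minor" -eq 8 ] && [ "$patch" -ge 4 ]; then
        echo ok        # 0.8.4 or later
    elif [ "$minor" -eq 7 ] && [ "$patch" -ge 6 ]; then
        echo ok        # 0.7.6 or later on the 0.7 series
    else
        echo update    # below every release the advisory names
    fi
}

# With an argument, check that version; otherwise check what is installed locally.
ver=${1:-$(libssh_installed_version || true)}
echo "libssh ${ver:-not found}: $(libssh_status "$ver")"
```
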

 

RELATED LINKS