Reply to post: libssh and libssh2

Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then

Alan J. Wylie

libssh and libssh2

There are two similarly named projects:

libssh: the one with the vulnerability, and libssh2 which so far doesn't seem to be affected.

Red Hat / Centos, at least, use libssh2.

Note also that it only affects servers, not clients. sftp servers seem to be the most likely to be vulnerable and exposed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022