Buffer overflow vulnerability in libssh

A vulnerability (CVE-2021-3634) has been identified in the libssh library (not to be confused with libssh2), which is designed to add client and server support for the SSHv2 protocol to C programs. It leads to a buffer overflow when a rekey is initiated using a key exchange that uses a different hashing algorithm. The issue is fixed in release 0.9.6.

The essence of the problem is that the key change operation permits cryptographic hashes whose digest size differs from that of the algorithm used originally. Meanwhile, memory for the hash in libssh was allocated based on the original hash size, so using a larger hash causes data to be written beyond the boundary of the allocated buffer. As a fallback protection measure, you can restrict the list of supported key exchange methods to algorithms with the same hash size. For example, to pin to SHA256, you can add to the code:

    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nistp256");
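Before applying the workaround above, it helps to confirm that every method in the key exchange list really uses the same digest size. The following check is an added example, not code from libssh or from the original article; the function names kex_digest_len and kex_list_common_digest are hypothetical, and the suffix table is an assumption that covers only the common method names.

```c
#include <stddef.h>
#include <string.h>

/* Digest size in bytes used by an SSH key-exchange method, 0 if unknown.
 * ecdh-sha2-nistp256/384/521 use SHA-256/384/512 (RFC 5656); the other
 * methods name their hash as a suffix. A trailing "@domain" is ignored. */
static size_t kex_digest_len(const char *name, size_t n)
{
    static const struct { const char *suffix; size_t len; } map[] = {
        { "-sha1", 20 },     { "-sha256", 32 },   { "-sha512", 64 },
        { "-nistp256", 32 }, { "-nistp384", 48 }, { "-nistp521", 64 },
    };
    const char *at = memchr(name, '@', n);
    if (at != NULL)
        n = (size_t)(at - name);
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++) {
        size_t s = strlen(map[i].suffix);
        if (n >= s && memcmp(name + n - s, map[i].suffix, s) == 0)
            return map[i].len;
    }
    return 0;
}

/* Returns the common digest size of a comma-separated KEX list,
 * 0 if the list mixes digest sizes (a rekey could then change the
 * hash size), or -1 if a name is empty or not recognised. */
int kex_list_common_digest(const char *list)
{
    size_t common = 0;
    while (*list != '\0') {
        size_t n = strcspn(list, ",");
        size_t len = kex_digest_len(list, n);
        if (len == 0)
            return -1;
        if (common != 0 && len != common)
            return 0;
        common = len;
        list += n;
        if (*list == ',')
            list++;
    }
    return common ? (int)common : -1;
}
```

A result of 0 means the list still allows a rekey to switch to a different hash size, so the restriction does not achieve what the workaround intends.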

Source: opennet.ru
