You are at the archive for the Uncategorized Category:

libssh 0.6.3 (Security release)

This is an important SECURITY and maintenance release in order to address CVE-2014-0017 – PRNG state reuse on forking servers. This bug happens when a SSH server forks on new connections. OpenSSL PRNG does not always detect the change of process (PID collision) and PRNG state may be shared between two successive children. However that […]

libssh 0.6.2 (Security release)

This is an important SECURITY and maintenance release in order to address CVE-2014-0017 – PRNG state reuse on forking servers. This bug happens when a SSH server forks on new connections. OpenSSL PRNG does not always detect the change of process (PID collision) and PRNG state may be shared between two successive children. However that […]

OpenSSH introduces curve25519-sha256@libssh.org key exchange !

A while back, I introduced a new key exchange mechanism, “curve25519-sha256@libssh.org” in our code base. The reasons were explained together with the specifications. In a nutshell, this key exchange function is based on DJB’s Curve25519 elliptic curve Diffie-Hellman key exchange. This algorithm does not rely on NIST-based curves and gives us more security confidence against […]

libssh 0.5.3 (SECURITY RELEASE)

This is an important SECURITY and maintenance release in order to address CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and CVE-2012-4562. CVE-2012-4559 – Fix multiple double free() flaws CVE-2012-4560 – Fix multiple buffer overflow flaws CVE-2012-4561 – Fix multiple invalid free() flaws CVE-2012-4562 – Fix multiple improper overflow checks The double free in sftp_parse_attr_3() could be used for a […]

libssh 0.5.2

This is another bugfix release of libssh version 0.5. If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions. You can download libssh 0.5.2 here. For Windows binaries we suggest to use our MSVC build or the MSVC […]

libssh 0.5.1

This is our first libssh bugfix release of the 0.5 version. If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions. You can download libssh 0.5.1 here (gpg asc). For Windows binaries we suggest to use our MSVC […]

libssh at FOSDEM 2011

Your favourite SSH library will be represented by Andreas and myself at Fosdem, and we will even have a few words in the security/hardware crypto devroom. Don’t hesitate to hang around with us and have a beer or two… See you at FOSDEM ! Aris

How to contribute to libssh

libssh is an open source project and there are several ways to contribute. We will show you some ways how to do that depending on your hardware access and knowledge. Users: As a user you can report bugs to our bugtracking system at http://red.libssh.org/. Another way could be to package libssh for you distribution. Application […]

New hardware for libssh.org

We have new hardware for libssh.org. So several services of libssh.org have moved to a new server. The most important services have already been enabled again. Git clone: git clone git://git.libssh.org/projects/libssh.git Web: http://git.libssh.org/ – git web interface http://api.libssh.org/ – libssh documentation http://test.libssh.org/ – testing infrastructure http://red.libssh.org/ – redmine installation (soon)

Five years of libssh development

Here is some nice video how libssh evolved …