This is an important SECURITY and maintenance release that addresses CVE-2014-8132 – Double free on dangling pointers in initial key exchange packet.
libssh versions 0.5.1 and above could leave dangling pointers in the session
crypto structures. Before this fix, a malicious kexinit packet could
eventually cause a server to perform a double free.
This could be used for a Denial of Service attack.
As this was found by a libssh developer, there are no currently known exploits
for this problem (as of December 19th 2014).
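
The bug class described above, as an added illustration that is not libssh code and does not reproduce the actual vulnerable code path: an error path frees parsed fields but leaves the pointers set, so session teardown releases them a second time, and clearing each pointer after the free removes the problem. The `struct crypto` layout, the function names and the release tracker are hypothetical, and the tracker only counts repeated releases rather than performing them.

```c
#include <stdio.h>
#include <stdlib.h>
#define KEX_METHODS 10  /* a KEXINIT packet carries 10 name-lists (RFC 4253) */
/* Hypothetical stand-in for per-session crypto state, not libssh's struct. */
struct crypto { char *methods[KEX_METHODS]; };

/* Tracker defers the real free() so a repeated release is only counted. */
static void *released[KEX_METHODS];
static int n_released, double_frees;
static void tracked_free(void *p) {
    if (p == NULL) return;
    for (int i = 0; i < n_released; i++)
        if (released[i] == p) { double_frees++; return; }
    released[n_released++] = p;
}
/* Really free everything recorded; return and clear the double-free count. */
static int tracker_drain(void) {
    int seen = double_frees; double_frees = 0;
    while (n_released > 0) free(released[--n_released]);
    return seen;
}

/* Accept n_ok name-lists, then treat the next one as malformed and bail. */
static void parse_kexinit(struct crypto *c, int n_ok, int hardened) {
    for (int i = 0; i < n_ok; i++)
        if ((c->methods[i] = malloc(16)) == NULL) abort();
    for (int i = 0; i < n_ok; i++) {          /* error-path cleanup */
        tracked_free(c->methods[i]);
        if (hardened) c->methods[i] = NULL;   /* leave no dangling pointer */
    }
}

/* Session teardown releases every slot that is still non-NULL. */
static void crypto_free(struct crypto *c) {
    for (int i = 0; i < KEX_METHODS; i++) {
        tracked_free(c->methods[i]);
        c->methods[i] = NULL;
    }
}

/* Double frees seen for one failed handshake (constructed scenario). */
int simulate(int n_ok, int hardened) {
    struct crypto c = { { NULL } };
    if (n_ok < 0 || n_ok > KEX_METHODS) return -1;
    parse_kexinit(&c, n_ok, hardened);
    crypto_free(&c);
    return tracker_drain();
}
int main(void) { printf("unfixed: %d, fixed: %d\n", simulate(3, 0), simulate(3, 1)); return 0; }
```

Building real code with AddressSanitizer (`-fsanitize=address`) reports this kind of repeated release at the second `free()` call.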
You can download libssh 0.6.4 here.
- Fixed CVE-2014-8132.
- Added SHA-2 for session ID signing with ECDSA keys.
- Added support for ECDSA host keys.
- Added support for more ECDSA hostkey algorithms.
- Added ssh_pki_key_ecdsa_name() API.
- Fixed setting the bindfd only after successful listen.
- Fixed issues with user created sockets.
- Fixed several issues in libssh C++ wrapper.
- Fixed several documentation issues.
- Fixed channel exit-signal request.
- Fixed X11 request screen number in messages.
- Fixed several memory leaks.