.`libssh` rebased to 0.9.6
The `libssh` package has been rebased to upstream version 0.9.6. This version provides bug fixes and enhancements, most notably:
* Support for multiple identity files. The files are processed from the bottom to the top as listed in the `~/.ssh/config` file.
* Parsing of sub-second times in SFTP is fixed.
* A regression of the `ssh_channel_poll_timeout()` function returning `SSH_AGAIN` unexpectedly is now fixed.
* A possible heap-buffer overflow after key re-exchange is fixed.
* A handshake bug when an AEAD cipher is matched but there is no HMAC overlap is fixed.
* Several memory leaks on error paths are fixed.
Description Dushyantk.sun@gmail.com
2020-11-11 06:49:11 UTC
Created attachment 1728268 (Zabbix frontend snap)
Description of problem:
Hello Team,
We have RH Linux release 8.2.2004. We have the Zabbix monitoring tool installed on it, and this monitoring tool needs to connect to client machines (all clients are RH 6 and 7) to fetch server details over SSH. However, due to a bug in libssh-0.9.0-4, we are seeing an intermittent issue while connecting to client machines.
I can see the libssh community has released an updated version, which is libssh 0.9.5.
I would like to check with you whether there is any timeline for releasing this package in the RH 8 repo, or whether we have any workaround for the time being until the release of the package.
It caused us to move forward with the RH 8 version in the prod environment. Found a link from Zabbix, https://support.zabbix.com/browse/ZBX-17756, and one from libssh where they have a fix available: https://www.libssh.org/2020/09/10/libssh-0-9-5/ .
Please let me know if you need more information.
Version-Release number of selected component (if applicable):
libssh-0.9.0-4.el8.x86_64
How reproducible:
While executing a remote command from the Zabbix application on the RH 8 server to client machines, it shows "Cannot read data from SSH server".
Steps to Reproduce:
1. Intermittent connection drop to client from RH 8
2. Executing several remote commands
3.
Actual results:
Cannot read data from SSH server on the Zabbix tool frontend.
Expected results:
It should connect and execute the command to fetch the details.
Additional info:
Comment 2 Dushyantk.sun@gmail.com
2020-11-11 09:43:12 UTC
Hi Sahana,
Thank you for reviewing the issue and providing feedback.
Since the update will take time, could you please let me know if we have any workaround for it.
-Dushyant
Comment 4 Dushyantk.sun@gmail.com
2020-11-11 12:35:42 UTC
Hi Sahana,
When we install RH 8, we get the default version of libssh-0.9.4, so we cannot downgrade. Do we have a lower version of libssh which is supported on RH 8, and how do we download it?
But yeah, we will wait for the release of the updated package.
Comment 5 Nikos Mavrogiannopoulos
2020-11-11 12:49:58 UTC
Thank you Dushyanth for taking the time to report this issue to us. We appreciate the feedback and use reports such as this one to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution.
If this issue is critical or in any way time sensitive, please raise a ticket through the regular Red Hat support channels to ensure it receives the proper attention and prioritization to assure a timely resolution.
For information on how to contact the Red Hat production support team, please visit:
https://www.redhat.com/en/services/support
Comment 6 Nikos Mavrogiannopoulos
2020-11-11 12:52:25 UTC
Please also ask the support engineer to assign your ticket to this Bugzilla.
Comment 7 Dushyantk.sun@gmail.com
2020-11-11 16:49:17 UTC
Hi Nikos,
Thank you. I will check and raise case accordingly.
Changes from the change log for 0.9.5 are:
* CVE-2020-16135: Avoid null pointer dereference in sftpserver
* Improve handling of library initialization
* Fix parsing of subsecond times in SFTP
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place
* Prevent invalid free when using different C runtimes than OpenSSL
* Compatibility improvements to testsuite
The latest upstream version 0.9.6 fixes CVE-2021-3634 (libssh: possible heap-based buffer overflow when rekeying).
Additional changes in this release from the change log:
* CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism
* Fix several memory leaks on error paths
* Reset pending_call_state on disconnect
* Fix handshake bug with AEAD ciphers and no HMAC overlap
* Use OPENSSL_CRYPTO_LIBRARIES in CMake
* Ignore request success and failure message if they are not expected
* Support more identity files in configuration
* Avoid setting compiler flags directly in CMake
* Support build directories with special characters
* Include stdlib.h to avoid crash in Windows
* Fix sftp_new_channel constructs an invalid object
* Fix Ninja multiple rules error
* Several tests fixes
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory (Low: libssh security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2022:2031
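A practical follow-up to this report is confirming, on each RHEL 8 host that runs the Zabbix server, whether the installed libssh package already carries the 0.9.6 rebase from the advisory above (and with it the CVE-2021-3634 rekeying fix). The script below is an added example written for this page; it is not part of the bug report, the errata, or the libssh project. It assumes only the NVR format that `rpm -q libssh` prints (for instance the `libssh-0.9.0-4.el8.x86_64` quoted in the report) and that 0.9.6 is the version threshold, as the release note states; the `libssh-0.9.6-3.el8` style values used for illustration are constructed, not the advisory's real build numbers.

```shell
#!/bin/sh
# Added example (not from the bug report or the libssh project): decide
# whether an installed libssh package is at or above the 0.9.6 rebase
# delivered by RHSA-2022:2031. Works on the NVR string `rpm -q libssh`
# prints, e.g. "libssh-0.9.0-4.el8.x86_64".

FIXED_VERSION="0.9.6"   # upstream version the rebase brings in (from the release note)

# libssh_version NVR -> prints the upstream version part of the NVR:
# strip the "libssh-" prefix, then everything from the first '-' onward.
libssh_version() {
    v=${1#libssh-}
    printf '%s\n' "${v%%-*}"
}

# version_ge A B -> exit status 0 when dotted version A >= B.
# Compares numerically component by component, so 0.10.4 > 0.9.6,
# which a plain string comparison would get wrong.
version_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}
        if [ "$ax" = "$a" ]; then a=; else a=${a#*.}; fi
        if [ "$bx" = "$b" ]; then b=; else b=${b#*.}; fi
        ax=${ax:-0}; bx=${bx:-0}          # missing component counts as 0 (0.9 == 0.9.0)
        [ "$ax" -gt "$bx" ] && return 0
        [ "$ax" -lt "$bx" ] && return 1
    done
    return 0
}

# libssh_is_fixed NVR -> exit status 0 when the package is at or above
# the rebased version, 1 when it still predates it.
libssh_is_fixed() {
    version_ge "$(libssh_version "$1")" "$FIXED_VERSION"
}

# check_host: query rpm on the running system and report every installed
# libssh package (there may be one per architecture).
check_host() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available; call libssh_is_fixed with an NVR instead"
        return 2
    fi
    if ! rpm -q libssh >/dev/null 2>&1; then
        echo "libssh is not installed"
        return 1
    fi
    rpm -q libssh | while IFS= read -r nvr; do
        if libssh_is_fixed "$nvr"; then
            echo "OK: $nvr (>= libssh-$FIXED_VERSION)"
        else
            echo "OUTDATED: $nvr (predates libssh-$FIXED_VERSION; apply RHSA-2022:2031)"
        fi
    done
}

# Usage on a host: . ./libssh_check.sh && check_host
# Usage on a collected inventory line (constructed sample value):
#   libssh_is_fixed "libssh-0.9.0-4.el8.x86_64" && echo fixed || echo outdated
```

The version comparison is deliberately written without `sort -V` so it runs on a minimal POSIX shell. One caveat a RHEL administrator should keep in mind: Red Hat often backports security fixes without bumping the upstream version, so a version threshold is only authoritative for fixes that arrive as a rebase like this one; for other CVEs, `rpm -q --changelog libssh` or the advisory text is the reliable reference.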