Ubuntu
libssh2 package

Update libSSH2 package to 1.9.0

Asked by Sandeep Bansal

Ubuntu currently ships with 1.8.0 version of libssh2 packages. These binaries don't support the ED25519 SSH algorithm. LibSSH has fixed this in their newer packages (1.9.0). Can we please move libssh2 to this newer package?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu libssh2 Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:
Revision history for this message
Best Manfred Hampl (m-hampl) said : 		#1

Ubuntu is no rolling release. This means that package versions usually are not updated to higher versions than the one initially provided with a certain Ubuntu release.
Newer package versions are provided only with newer Ubuntu releases.

Furthermore you have to be aware that Ubuntu is taking over packages from Debian, and also in Debian there is only version 1.8.0 of libssh2.

The first step to bring libssh2 version 1.9.0 to Ubuntu is creating a bug report in Debian that they upgrade their package. Ubuntu will then follow.

There currently are two bug reports in Debian about CVE bugs in the current version; one of the options to solve these problems would be an upgrade to 1.9.0. https://bugs.debian.org/932329 https://bugs.debian.org/943562
I do not know what Debian will do.

And Ubuntu knows about these CVEs as well, see
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13115
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17498

Revision history for this message
Sandeep Bansal (sandeep-bansal85) said : 		#2

Thanks Manfred Hampl, that solved my question.