From fe924f31cee06d478488b70cebff379b3126881e Mon Sep 17 00:00:00 2001 From: Eugene Date: Wed, 14 Aug 2024 22:59:23 +0200 Subject: [PATCH] fixed GHSA-vgvv-x7xg-6cqg - SSH OOM DoS through malicious packet length --- Cargo.lock | 4 ++-- warpgate-admin/Cargo.toml | 2 +- warpgate-protocol-ssh/Cargo.toml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cc15110..59adc03 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3729,9 +3729,9 @@ dependencies = [ [[package]] name = "russh" -version = "0.44.0" +version = "0.44.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69d007dc79831fd2bbe5a388daa13fa48c5d2c6f6ceb74a08b13fb1450c3468a" +checksum = "6500eedfaf8cd81597899d896908a4b9cd5cb566db875e843c04ccf92add2c16" dependencies = [ "aes", "aes-gcm", diff --git a/warpgate-admin/Cargo.toml b/warpgate-admin/Cargo.toml index 6472e58..a880c55 100644 --- a/warpgate-admin/Cargo.toml +++ b/warpgate-admin/Cargo.toml @@ -24,7 +24,7 @@ poem-openapi = { version = "2.0", features = [ "uuid", "static-files", ] } -russh = { version = "0.44.0", features = ["legacy-ed25519-pkcs8-parser"] } +russh = { version = "0.44.1", features = ["legacy-ed25519-pkcs8-parser"] } rust-embed = "8.3" sea-orm = { version = "0.12.2", features = [ "runtime-tokio-rustls", diff --git a/warpgate-protocol-ssh/Cargo.toml b/warpgate-protocol-ssh/Cargo.toml index 967f100..7797b8b 100644 --- a/warpgate-protocol-ssh/Cargo.toml +++ b/warpgate-protocol-ssh/Cargo.toml @@ -14,7 +14,7 @@ dialoguer = "0.10" curve25519-dalek = "4.0.0" # pin due to build fail on x86 ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1 futures = "0.3" -russh = { version = "0.44.0", features = ["legacy-ed25519-pkcs8-parser"] } +russh = { version = "0.44.1", features = ["legacy-ed25519-pkcs8-parser"] } # russh = { version = "0.35.0-beta.6", path = "../../russh/russh"} sea-orm = { version = "0.12.2", features = [ "runtime-tokio-rustls",