
Fedora 41: libssh Critical Security Fix Advisory 2025-18e8506d3a

August 7, 2025
The recent upgrade for libssh on Fedora 41 resolves several severe security vulnerabilities that impact remote execution functions.

Summary

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The programmer has complete control of the client. With libssh, you can remotely execute programs, transfer files, and use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs other than libcrypto (from openssl).

Update Information:

New upstream release with security fixes for CVE-2025-4877, CVE-2025-4878, CVE-2025-5987, CVE-2025-5318, CVE-2025-5351, CVE-2025-5372, CVE-2025-5449.

Automatic update for libssh-0.11.0-1.fc41.

Change Log

* Tue Jun 24 2025 Jakub Jelen - 0.11.2-1
- New upstream release
* Mon Jan 20 2025 Fedora Release Engineering - 0.11.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jan 17 2025 Fedora Release Engineering - 0.11.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Oct 25 2024 Sahana Prasad - 0.11.1-2
- Do not use global openssl.cnf in PKCS11 URI tests
* Fri Aug 30 2024 Jakub Jelen - 0.11.1-1
- New upstream release
* Fri Aug 9 2024 Jakub Jelen - 0.11.0-1
- New upstream release (#2303674)

References


[ 1 ] Bug #2374586 - CVE-2025-5318 libssh: out-of-bounds read in sftp_handle() [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2374586
[ 2 ] Bug #2376224 - CVE-2025-5987 libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2376224
[ 3 ] Bug #2382566 - CVE-2025-4878 libssh: Use of uninitialized variable in privatekey_from_file() [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2382566

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-18e8506d3a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
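
To confirm the upgrade took effect, the following check compares an installed libssh build against the fixed build from this advisory's Version and Release fields (0.11.2, 1.fc41). It is an added example, not part of the Fedora advisory; the function names are hypothetical, and it assumes `sort -V` orders these plain version-release strings the same way RPM does.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# Fixed build taken from the advisory's Version (0.11.2) and Release (1.fc41).
FIXED_EVR="0.11.2-1.fc41"

# evr_at_least CANDIDATE FIXED: succeeds when CANDIDATE >= FIXED.
# Assumption: `sort -V` ordering matches RPM's for libssh's plain numeric
# version-release strings (no epoch, no tilde or caret pre-release markers).
evr_at_least() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify EVR: prints "patched" or "vulnerable" for one version-release.
classify() {
    if evr_at_least "$1" "$FIXED_EVR"; then echo patched; else echo vulnerable; fi
}

# check_host: classify every libssh build in the local RPM database
# (a multilib host can carry more than one).
# Returns 0 if all are patched or none is installed, 1 if any is older,
# 2 if rpm itself is unavailable.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    if ! installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' libssh 2>/dev/null); then
        echo "libssh is not installed"
        return 0
    fi
    status=0
    for evr in $installed; do
        verdict=$(classify "$evr")
        echo "libssh-$evr: $verdict"
        [ "$verdict" = patched ] || status=1
    done
    return $status
}

# Query this machine only when asked: sh check_libssh.sh --host
if [ "${1:-}" = "--host" ]; then check_host; fi
```

Processes that loaded the old libssh before the upgrade keep using it until they are restarted, so a "patched" result describes the files on disk, not every running program.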

Severity
critical

Name: libssh
Product: Fedora 41
Version: 0.11.2
Release: 1.fc41
Summary: A library implementing the SSH protocol
