libssh2 is a library implementing the SSH2 protocol as defined by
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
SECSH-DHGEX(04), and SECSH-NUMBERS(10).
Update Information:
This update, to the current upstream libssh2 release, addresses a couple of security issues: CVE-2023-6918 (missing checks for return values for digests) CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin") It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details. In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.
* Wed Oct 16 2024 Paul Howarth
[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
[ 2 ] Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values for digests
https://bugzilla.redhat.com/show_bug.cgi?id=2254997
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-9cee4b3ac0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.