Mageia 9 libssh Important Multiple Security Risks CVE-2025-4877
mageia
June 10, 2026
Security update
Summary
Description:
CVE-2025-4877 Write beyond bounds in binary to base64 conversion
functions
CVE-2025-4878 Use of uninitialized variable in privatekey_from_file()
CVE-2025-5318 Likely read beyond bounds in sftp server handle
management
CVE-2025-5351 Double free in functions exporting keys
CVE-2025-5372 ssh_kdf() returns a success code on certain failures
CVE-2025-5449 Likely read beyond bounds in sftp server message decoding
CVE-2025-5987 Invalid return code for chacha20 poly1305 with OpenSSL
backend
References
- https://bugs.mageia.org/show_bug.cgi?id=34405
- https://www.openwall.com/lists/oss-security/2025/06/27/2
- https://www.cve.org/CVERecord?id=CVE-2025-4877
- https://www.cve.org/CVERecord?id=CVE-2025-4878
- https://www.cve.org/CVERecord?id=CVE-2025-5318
- https://www.cve.org/CVERecord?id=CVE-2025-5351
- https://www.cve.org/CVERecord?id=CVE-2025-5372
- https://www.cve.org/CVERecord?id=CVE-2025-5449
- https://www.cve.org/CVERecord?id=CVE-2025-5987
Topics Covered
Resolution
SRPMS
- 9/core/libssh-0.10.6-1.1.mga9
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Publication date:10 Jun 2026
URL: https://advisories.mageia.org/MGASA-2026-0189.html
Type: security
CVE: CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5351, CVE-2025-5372, CVE-2025-5449, CVE-2025-5987
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!