Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Ubuntu 25.10 Libssh Critical DoS Issues CVE-2025-8277 USN-8051-1

Calendar Feb 18, 2026 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical remote access Ubuntu libssh
Several security issues were fixed in libssh. 
==========================================================================
Ubuntu Security Notice USN-8051-1
February 18, 2026

libssh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in libssh.

Software Description:
- libssh: A tiny C SSH library

Details:

It was discovered that libssh clients incorrectly handled the key exchange
process. A remote attacker could possibly use this issue to cause libssh
clients to crash, resulting in a denial of service. (CVE-2025-8277)

It was discovered that the libssh SCP client incorrectly sanitized paths
received from servers. A remote attacker could use this issue to cause
libssh SCP clients to overwrite files outside of the working directory and
possibly execute arbitrary code. (CVE-2026-0964)

It was discovered that libssh incorrectly handled parsing configuration
files. A local attacker could possibly use this issue to cause libssh to
access non-regular files, resulting in a denial of service. (CVE-2026-0965)

It was discovered that libssh incorrectly handled the ssh_get_hexa()
function. A remote attacker could possibly use this issue to cause libssh
to crash, resulting in a denial of service. (CVE-2026-0966)

It was discovered that libssh incorrectly handled certain regular
expressions. A local attacker could possibly use this issue to cause libssh
to consume resources, resulting in a denial of service. (CVE-2026-0967)

It was discovered that the libssh SFTP client incorrectly handled certain
malformed longname fields. A remote attacker could use this issue to cause
libssh SFTP clients to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-0968)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libssh-4                        0.11.2-1ubuntu0.2

Ubuntu 24.04 LTS
  libssh-4                        0.10.6-2ubuntu0.3

Ubuntu 22.04 LTS
  libssh-4                        0.9.6-2ubuntu0.22.04.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8051-1
  CVE-2025-8277, CVE-2026-0964, CVE-2026-0965, CVE-2026-0966,
  CVE-2026-0967, CVE-2026-0968

Package Information:
  https://launchpad.net/ubuntu/+source/libssh/0.11.2-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/libssh/0.10.6-2ubuntu0.3
  https://launchpad.net/ubuntu/+source/libssh/0.9.6-2ubuntu0.22.04.6

Ubuntu 25.10 Libssh Critical DoS Issues CVE-2025-8277 USN-8051-1

ubuntu
Calendar Grey February 18, 2026
Dist Ubuntu Esm H88
Address critical libssh vulnerabilities in Ubuntu affecting several versions with recommended updates to prevent DoS attacks.
Several security issues were fixed in libssh.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in libssh. Software Description: - libssh: A tiny C SSH library Details: It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly use this issue to cause libssh clients to crash, resulting in a denial of service. (CVE-2025-8277) It was discovered that the libssh SCP client incorrectly sanitized paths received from servers. A remote attacker could use this issue to cause libssh SCP clients to overwrite files outside of the working directory and possibly execute arbitrary code. (CVE-2026-0964) It was discovered that libssh incorrectly handled parsing configuration files. A local attacker could possibly use this issue to cause libssh to access non-regular files, resulting in a denial of service. (CVE-2026-0965) It was discovered that libssh incorrectly...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service critical remote access Ubuntu libssh

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libssh-4 0.11.2-1ubuntu0.2 Ubuntu 24.04 LTS libssh-4 0.10.6-2ubuntu0.3 Ubuntu 22.04 LTS libssh-4 0.9.6-2ubuntu0.22.04.6 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8051-1

CVE-2025-8277, CVE-2026-0964, CVE-2026-0965, CVE-2026-0966,

CVE-2026-0967, CVE-2026-0968

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8051-1

Topics%20covered

Topics Covered

security advisory denial of service critical remote access Ubuntu libssh

Package Information

https://launchpad.net/ubuntu/+source/libssh/0.11.2-1ubuntu0.2 https://launchpad.net/ubuntu/+source/libssh/0.10.6-2ubuntu0.3 https://launchpad.net/ubuntu/+source/libssh/0.9.6-2ubuntu0.22.04.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here