
Ubuntu 25.04: USN-7619-1 critical: libssh remote code execution

July 7, 2025
Multiple vulnerabilities in libssh have been identified that could lead to system crashes and potential remote code execution. Ubuntu users are advised to apply the necessary updates.

Summary

Several security issues were fixed in libssh.

Software Description:

- libssh: A tiny C SSH library

Details:

Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-4877)

Ronald Crane discovered that libssh incorrectly handled the privatekey_from_file() function. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-4878)

Ronald Crane discovered that libssh incorrectly handled certain memory operations in the sftp server. An attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2025-5318, CVE-2025-5449)

Ronald Crane discovered that libssh incorrectly handled exporting keys. An attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. This i...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libssh-4                        0.11.1-1ubuntu0.1

Ubuntu 24.10
  libssh-4                        0.10.6-3ubuntu1.1

Ubuntu 24.04 LTS
  libssh-4                        0.10.6-2ubuntu0.1

Ubuntu 22.04 LTS
  libssh-4                        0.9.6-2ubuntu0.22.04.4

In general, a standard system update will make all the necessary changes.
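To confirm that hosts have actually reached the fixed versions listed above, the following added example (not part of the Ubuntu notice) compares an installed libssh-4 version against that table using Debian version ordering. It assumes the release is the VERSION_ID from /etc/os-release and the version string is what `dpkg-query -W -f='${Version}' libssh-4` prints; the host names and installed versions in SAMPLE are constructed.

```python
import re

# Fixed libssh-4 versions per Ubuntu release, copied from the advisory's table.
FIXED = {"25.04": "0.11.1-1ubuntu0.1", "24.10": "0.10.6-3ubuntu1.1",
         "24.04": "0.10.6-2ubuntu0.1", "22.04": "0.9.6-2ubuntu0.22.04.4"}

def _sign(x, y):
    return (x > y) - (x < y)

def _order(c):
    # Weight inside a non-digit run: '~' first, then letters, then other characters.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs; digit runs compare as integers.
    while a or b:
        na, da, a = re.match(r"(\D*)(\d*)(.*)", a).groups()
        nb, db, b = re.match(r"(\D*)(\d*)(.*)", b).groups()
        wa = [_order(c) for c in na] + [0] * len(nb)  # pad: end of run weighs 0
        wb = [_order(c) for c in nb] + [0] * len(na)
        r = _sign(wa, wb) or _sign(int(da or 0), int(db or 0))
        if r:
            return r
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; missing epoch is 0, missing revision is empty.
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    up, sep, rev = rest.rpartition("-")
    return (int(epoch), up, rev) if sep else (int(epoch), rest, "")

def debcmp(a, b):
    # Three-way compare of two Debian version strings: -1, 0 or 1.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return _sign(ea, eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def status(release, installed):
    # "not-listed" when the advisory gives no fixed version for that release.
    fixed = FIXED.get(release)
    if fixed is None:
        return "not-listed"
    return "patched" if debcmp(installed, fixed) >= 0 else "needs-update"

# Constructed sample inventory: hypothetical hosts and installed versions.
SAMPLE = [("web-01", "25.04", "0.11.1-1"), ("web-02", "24.04", "0.10.6-2ubuntu0.1"),
          ("db-01", "22.04", "0.9.6-2ubuntu0.22.04.3"), ("lab-01", "20.04", "0.9.3-2")]

if __name__ == "__main__":
    print({h: status(r, v) for h, r, v in SAMPLE})
```

A plain string comparison would rank 0.9.6 above 0.10.6 and would misplace revisions such as `1` versus `1ubuntu0.1`, which is why the check follows the dpkg ordering rules.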

References

https://ubuntu.com/security/notices/USN-7619-1

CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5351, CVE-2025-5372, CVE-2025-5449, CVE-2025-5987

Severity
critical

Ubuntu Security Notice USN-7619-1
