
Ubuntu 26.04 LTS libssh2 Important DoS Remote Code Exec USN-8486-1

June 30, 2026
Multiple security flaws have been addressed in libssh2 affecting multiple Ubuntu versions. Update recommended to ensure security.

Summary

Several security issues were fixed in libssh2.

Software Description:

- libssh2: Client-side C library implementing the SSH2 protocol

Details:

It was discovered that libssh2 incorrectly handled the sftp_symlink() function. A malicious SSH server or machine-in-the-middle attacker could possibly use this issue to obtain sensitive information or cause a denial of service. (CVE-2025-15661)

It was discovered that libssh2 had a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler. A malicious SSH server could possibly use this issue to cause a client CPU exhaustion loop, resulting in a denial of service. (CVE-2026-55199)

It was discovered that libssh2 incorrectly handled packet length fields. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-55200)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libssh2-1t64                    1.11.1-1ubuntu0.26.04.2

Ubuntu 25.10
  libssh2-1t64                    1.11.1-1ubuntu0.25.10.2

Ubuntu 24.04 LTS
  libssh2-1t64                    1.11.0-4.1ubuntu0.24.04.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8486-1

CVE-2025-15661, CVE-2026-55199, CVE-2026-55200

Severity
important

Ubuntu Security Notice USN-8486-1
