UbuntuUpdates.org

Package "libssh-gcrypt-4"

Name: libssh-gcrypt-4

Description:

tiny C SSH library (gcrypt flavor)

Latest version: 0.10.6-2ubuntu0.3
Release: noble (24.04)
Level: updates
Repository: main
Head package: libssh
Homepage: https://www.libssh.org/

Other versions of "libssh-gcrypt-4" in Noble

Repository  Area  Version
base        main  0.10.6-2build2
security    main  0.10.6-2ubuntu0.3

Changelog

Version: 0.10.6-2ubuntu0.3 2026-02-19 00:07:56 UTC

  libssh (0.10.6-2ubuntu0.3) noble-security; urgency=medium

  * SECURITY UPDATE: memory leak in key exchange
    - debian/patches/CVE-2025-8277-1.patch: adjust packet filter to work
      when DH-GEX is guessed wrongly in src/packet.c.
    - debian/patches/CVE-2025-8277-2.patch: fix memory leak of unused
      ephemeral key pair after client's wrong KEX guess in src/dh_crypto.c,
      src/dh_key.c, src/ecdh_crypto.c, src/ecdh_gcrypt.c,
      src/ecdh_mbedcrypto.c.
    - debian/patches/CVE-2025-8277-3.patch: free previously allocated
      pubkeys in src/ecdh_crypto.c, src/ecdh_gcrypt.c.
    - debian/patches/CVE-2025-8277-4.patch: avoid leaking ecdh keys in
      src/ecdh_mbedcrypto.c, src/wrapper.c.
    - CVE-2025-8277
  * SECURITY UPDATE: Improper sanitation of paths received from SCP servers
    - debian/patches/CVE-2026-0964.patch: reject invalid paths received
      through scp in src/scp.c.
    - CVE-2026-0964
  * SECURITY UPDATE: DoS via improper configuration file handling
    - debian/patches/CVE-2026-0965.patch: do not attempt to read
      non-regular and too large configuration files in
      include/libssh/misc.h, include/libssh/priv.h, src/bind_config.c,
      src/config.c, src/dh-gex.c, src/known_hosts.c, src/knownhosts.c,
      src/misc.c, tests/unittests/torture_config.c.
    - CVE-2026-0965
  * SECURITY UPDATE: Buffer underflow in ssh_get_hexa() on invalid input
    - debian/patches/CVE-2026-0966-1.patch: avoid heap buffer underflow in
      ssh_get_hexa in src/misc.c.
    - debian/patches/CVE-2026-0966-2.patch: test coverage for ssh_get_hexa
      in tests/unittests/torture_misc.c.
    - debian/patches/CVE-2026-0966-3.patch: update guided tour to use
      SHA256 fingerprints in doc/guided_tour.dox.
    - CVE-2026-0966
  * SECURITY UPDATE: DoS via inefficient regular expression processing
    - debian/patches/CVE-2026-0967.patch: avoid recursive matching (ReDoS)
      in src/match.c, tests/unittests/torture_config.c.
    - CVE-2026-0967
  * SECURITY UPDATE: DoS due to malformed SFTP message
    - debian/patches/CVE-2026-0968-1.patch: sanitize input handling in
      sftp_parse_longname() in src/sftp.c.
    - debian/patches/CVE-2026-0968-2.patch: reproducer for invalid longname
      data in tests/unittests/CMakeLists.txt,
      tests/unittests/torture_unit_sftp.c.
    - CVE-2026-0968

 -- Marc Deslauriers <email address hidden> Fri, 13 Feb 2026 09:41:22 -0500

CVE-2025-8277 A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free
CVE-2026-0964 Improper sanitation of paths received from SCP servers
CVE-2026-0965 Denial of Service via improper configuration file handling
CVE-2026-0966 Buffer underflow in ssh_get_hexa() on invalid input
CVE-2026-0967 Denial of Service via inefficient regular expression processing
CVE-2026-0968 Denial of Service due to malformed SFTP message

Version: 0.10.6-2ubuntu0.2 2025-10-31 04:07:17 UTC

  libssh (0.10.6-2ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2025-8114.patch: sets rc to SSH_ERROR prior to goto
      error in ssh_make_sessionid() of src/kex.c.
    - CVE-2025-8114

 -- Ian Constantin <email address hidden> Wed, 29 Oct 2025 14:58:24 +0200

CVE-2025-8114 A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an all

Version: 0.10.6-2ubuntu0.1 2025-07-07 19:07:13 UTC

  libssh (0.10.6-2ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Write beyond bounds in binary to base64 conversion
    functions
    - debian/patches/CVE-2025-4877.patch: prevent integer overflow and
      potential OOB.
    - CVE-2025-4877
  * SECURITY UPDATE: Use of uninitialized variable in
    privatekey_from_file()
    - debian/patches/CVE-2025-4878-1.patch: initialize pointers where
      possible.
    - debian/patches/CVE-2025-4878-2.patch: properly check return value to
      avoid NULL pointer dereference.
    - CVE-2025-4878
  * SECURITY UPDATE: OOB read in sftp_handle function
    - debian/patches/CVE-2025-5318.patch: fix possible buffer overrun.
    - CVE-2025-5318
  * SECURITY UPDATE: Double free in functions exporting keys
    - debian/patches/CVE-2025-5351.patch: avoid double-free on low-memory
      conditions.
    - CVE-2025-5351
  * SECURITY UPDATE: ssh_kdf() returns a success code on certain failures
    - debian/patches/CVE-2025-5372-pre1.patch: Reformat ssh_kdf().
    - debian/patches/CVE-2025-5372.patch: simplify error checking and
      handling of return codes in ssh_kdf().
    - CVE-2025-5372
  * SECURITY UPDATE: Invalid return code for chacha20 poly1305 with OpenSSL
    backend
    - debian/patches/CVE-2025-5987.patch: correctly detect failures of
      chacha initialization.
    - CVE-2025-5987
  * SECURITY UPDATE: Missing packet filter may expose to variant of
    Terrapin attack
    - debian/patches/missing_packet_filter.patch: implement missing packet
      filter for DH GEX.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 02 Jul 2025 13:58:28 -0400

CVE-2025-5318 A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that
CVE-2025-5351 A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys i
CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation


