UbuntuUpdates.org

Package "libssh2-1-dev"

Name: libssh2-1-dev

Description:

SSH2 client-side library (development headers)

Latest version: 1.11.0-4.1ubuntu0.24.04.3
Release: noble (24.04)
Level: updates
Repository: main
Head package: libssh2
Homepage: https://libssh2.org/

Links


Download "libssh2-1-dev"


Other versions of "libssh2-1-dev" in Noble

Repository Area Version
base main 1.11.0-4.1build2
security main 1.11.0-4.1ubuntu0.24.04.3

Changelog

Version: 1.11.0-4.1ubuntu0.24.04.3 2026-07-13 22:09:27 UTC

  libssh2 (1.11.0-4.1ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues in publickey
    - debian/patches/CVE-2026-5805x-pre1.patch: fix potential arbitrary free
      in libssh2_publickey_list_fetch().
    - debian/patches/CVE-2026-5805x-pre2.patch: fix potential multiplication
      overflow in 32-bit libssh2_publickey_list_fetch().
    - debian/patches/CVE-2026-5805x-pre3.patch: cap packet size in
      publickey_packet_receive().
    - debian/patches/CVE-2026-5805x-pre4.patch: fix leaks when
      publickey_response_success() received <8 bytes.
    - debian/patches/CVE-2026-5805x-pre5.patch: fix potential OOB read in
      publickey_response_success().
    - debian/patches/CVE-2026-58051.patch: fix potential OOB read in
      libssh2_publickey_list_fetch().
    - debian/patches/CVE-2026-5805x-pre6.patch: fix potential OOB read.
    - debian/patches/CVE-2026-5805x-pre7.patch: flatten bounds check if blocks
      (tidy-up).
    - debian/patches/CVE-2026-5805x-pre8.patch: rework bounds checks to avoid
      pointer comparisons.
    - debian/patches/CVE-2026-58050.patch: cap variable-length packet element
      sizes.
    - CVE-2026-58050
    - CVE-2026-58051

 -- Marc Deslauriers <email address hidden> Tue, 07 Jul 2026 15:50:14 -0400

Source diff to previous version
CVE-2026-5805 A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contact_us.p
CVE-2026-58051 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse
CVE-2026-58050 libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attr

Version: 1.11.0-4.1ubuntu0.24.04.2 2026-06-30 17:07:25 UTC

  libssh2 (1.11.0-4.1ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: OOB read in sftp_symlink()
    - debian/patches/CVE-2025-15661-pre1.patch: add LIBSSH2_UNCONST() in
      src/libssh2_priv.h.
    - debian/patches/CVE-2025-15661.patch: Update sftp_symlink to avoid out of
      bounds read on malformed packet in src/sftp.c.
    - CVE-2025-15661
  * SECURITY UPDATE: pre-authentication denial of service via CPU loop
    - debian/patches/CVE-2026-55199.patch: packet: check `_libssh2_get_string()`
      return in `EXT_INFO` handler in src/packet.c.
    - CVE-2026-55199

 -- Marc Deslauriers <email address hidden> Mon, 29 Jun 2026 09:20:49 -0400

Source diff to previous version
CVE-2025-15661 libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that
CVE-2026-55199 libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src

Version: 1.11.0-4.1ubuntu0.24.04.1 2026-05-27 11:07:24 UTC

  libssh2 (1.11.0-4.1ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: integer overflow via long username
    - debian/patches/CVE-2026-7598.patch: add username_len bounds checking in
      src/userauth.c.
    - CVE-2026-7598

 -- Marc Deslauriers <email address hidden> Tue, 05 May 2026 12:49:00 -0400

CVE-2026-7598 A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c



About   -   Send Feedback to @ubuntu_updates