UbuntuUpdates.org

Package "libssh2"

Name: libssh2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • SSH2 client-side library (development headers)
  • SSH2 client-side library

Latest version: 1.11.1-1ubuntu0.26.04.3
Release: resolute (26.04)
Level: security
Repository: main

Links



Other versions of "libssh2" in Resolute

Repository Area Version
base main 1.11.1-1build2
updates main 1.11.1-1ubuntu0.26.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.11.1-1ubuntu0.26.04.3 2026-07-13 14:10:44 UTC

  libssh2 (1.11.1-1ubuntu0.26.04.3) resolute-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues in publickey
    - debian/patches/CVE-2026-5805x-pre1.patch: fix potential arbitrary free
      in libssh2_publickey_list_fetch().
    - debian/patches/CVE-2026-5805x-pre2.patch: fix potential multiplication
      overflow in 32-bit libssh2_publickey_list_fetch().
    - debian/patches/CVE-2026-5805x-pre3.patch: cap packet size in
      publickey_packet_receive().
    - debian/patches/CVE-2026-5805x-pre4.patch: fix leaks when
      publickey_response_success() received <8 bytes.
    - debian/patches/CVE-2026-5805x-pre5.patch: fix potential OOB read in
      publickey_response_success().
    - debian/patches/CVE-2026-58051.patch: fix potential OOB read in
      libssh2_publickey_list_fetch().
    - debian/patches/CVE-2026-5805x-pre6.patch: fix potential OOB read.
    - debian/patches/CVE-2026-5805x-pre7.patch: flatten bounds check if blocks
      (tidy-up).
    - debian/patches/CVE-2026-5805x-pre8.patch: rework bounds checks to avoid
      pointer comparisons.
    - debian/patches/CVE-2026-58050.patch: cap variable-length packet element
      sizes.
    - CVE-2026-58050
    - CVE-2026-58051

 -- Marc Deslauriers <email address hidden> Tue, 07 Jul 2026 14:23:05 -0400

Source diff to previous version
CVE-2026-5805 A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contact_us.p
CVE-2026-58051 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse
CVE-2026-58050 libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attr

Version: 1.11.1-1ubuntu0.26.04.2 2026-06-30 14:07:32 UTC

  libssh2 (1.11.1-1ubuntu0.26.04.2) resolute-security; urgency=medium

  * SECURITY UPDATE: OOB read in sftp_symlink()
    - debian/patches/CVE-2025-15661-pre1.patch: add LIBSSH2_UNCONST() in
      src/libssh2_priv.h.
    - debian/patches/CVE-2025-15661.patch: Update sftp_symlink to avoid out of
      bounds read on malformed packet in src/sftp.c.
    - CVE-2025-15661
  * SECURITY UPDATE: pre-authentication denial of service via CPU loop
    - debian/patches/CVE-2026-55199.patch: packet: check `_libssh2_get_string()`
      return in `EXT_INFO` handler in src/packet.c.
    - CVE-2026-55199
  * SECURITY UPDATE: code exec via OOB write in ssh2_transport_read()
    - debian/patches/CVE-2026-55200.patch: transport.c: Additional boundary
      checks for packet length in src/transport.c.
    - CVE-2026-55200

 -- Marc Deslauriers <email address hidden> Mon, 29 Jun 2026 09:11:08 -0400

Source diff to previous version
CVE-2025-15661 libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that
CVE-2026-55199 libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src
CVE-2026-55200 libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bo

Version: 1.11.1-1ubuntu0.26.04.1 2026-05-26 21:07:27 UTC

  libssh2 (1.11.1-1ubuntu0.26.04.1) resolute-security; urgency=medium

  * SECURITY UPDATE: integer overflow via long username
    - debian/patches/CVE-2026-7598.patch: add username_len bounds checking in
      src/userauth.c.
    - CVE-2026-7598

 -- Marc Deslauriers <email address hidden> Tue, 05 May 2026 12:39:40 -0400

CVE-2026-7598 A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c



About   -   Send Feedback to @ubuntu_updates