{"id":"RLSA-2026:18683","summary":"Moderate: libssh security update","details":"libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: Double Free Vulnerability in libssh Key Export Functions (CVE-2025-5351)\n\n* libssh: Use of uninitialized variable in privatekey_from_file() (CVE-2025-4878)\n\n* libssh: Write beyond bounds in binary to base64 conversion functions (CVE-2025-4877)\n\n* libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation (CVE-2025-8114)\n\n* libssh: Memory Exhaustion via Repeated Key Exchange in libssh (CVE-2025-8277)\n\n* libssh: Buffer underflow in ssh_get_hexa() on invalid input (CVE-2026-0966)\n\n* libssh: Improper sanitation of paths received from SCP servers (CVE-2026-0964)\n\n* libssh: libssh: Denial of Service via improper configuration file handling (CVE-2026-0965)\n\n* libssh: libssh: Denial of Service via inefficient regular expression processing (CVE-2026-0967)\n\n* libssh: libssh: Denial of Service due to malformed SFTP message (CVE-2026-0968)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 9 Release Notes linked from the References section.","modified":"2026-05-28T16:00:09.071848367Z","published":"2026-05-28T15:43:06.024531Z","upstream":["CVE-2025-4877","CVE-2025-4878","CVE-2025-5351","CVE-2025-8114","CVE-2025-8277","CVE-2026-0964","CVE-2026-0965","CVE-2026-0966","CVE-2026-0967","CVE-2026-0968"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:18683"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369367"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376184"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376193"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383220"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383888"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433121"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436979"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436980"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436981"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436982"}],"affected":[{"package":{"name":"libssh","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/libssh?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2026:18683.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}