Package "libssh2"
Name: libssh2
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- SSH2 client-side library (development headers)
- SSH2 client-side library
Latest version: 1.11.1-1ubuntu0.25.10.2
Release: questing (25.10)
Level: updates
Repository: main
Changelog
libssh2 (1.11.1-1ubuntu0.25.10.2) questing-security; urgency=medium

  * SECURITY UPDATE: OOB read in sftp_symlink()
    - debian/patches/CVE-2025-15661-pre1.patch: add LIBSSH2_UNCONST() in
      src/libssh2_priv.h.
    - debian/patches/CVE-2025-15661.patch: Update sftp_symlink to avoid out of
      bounds read on malformed packet in src/sftp.c.
    - CVE-2025-15661
  * SECURITY UPDATE: pre-authentication denial of service via CPU loop
    - debian/patches/CVE-2026-55199.patch: packet: check `_libssh2_get_string()`
      return in `EXT_INFO` handler in src/packet.c.
    - CVE-2026-55199
  * SECURITY UPDATE: code exec via OOB write in ssh2_transport_read()
    - debian/patches/CVE-2026-55200.patch: transport.c: Additional boundary
      checks for packet length in src/transport.c.
    - CVE-2026-55200

 -- Marc Deslauriers <email address hidden> Mon, 29 Jun 2026 09:13:22 -0400
CVE-2025-15661: libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that
CVE-2026-55199: libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src
CVE-2026-55200: libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bo

libssh2 (1.11.1-1ubuntu0.25.10.1) questing-security; urgency=medium

  * SECURITY UPDATE: integer overflow via long username
    - debian/patches/CVE-2026-7598.patch: add username_len bounds checking in
      src/userauth.c.
    - CVE-2026-7598

 -- Marc Deslauriers <email address hidden> Tue, 05 May 2026 12:43:43 -0400
CVE-2026-7598: A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c