Ubuntu alert USN-7696-1 (libssh)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7696-1] libssh vulnerabilities | |
| Date: | Wed, 20 Aug 2025 05:33:41 +0000 | |
| Message-ID: | <E1uobS9-0008Db-Mh@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7696-1 August 14, 2025 libssh vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in libssh. Software Description: - libssh: A tiny C SSH library Details: Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-4877) Ronald Crane discovered that libssh incorrectly handled the privatekey_from_file() function. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-4878) Ronald Crane discovered that libssh incorrectly handled certain memory operations in the sftp server. An attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2025-5318) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libssh-4 0.9.3-2ubuntu2.5+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libssh-4 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS libssh-4 0.6.3-4.3ubuntu0.6+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7696-1 CVE-2025-4877, CVE-2025-4878, CVE-2025-5318
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmilBcAACgkQcpJm3tlz hgHTmw/+LDS8oVyln614JRDwElSFSrUhdH/rYdmSU5UxXBue8rhLQ4CA3bRhqo8Y 7stHdgLS2hiek4QcQoD9kfn+xr8MX6PXp8z62bLwOmO9IhGwZaO4b2ngXnJeZcJ0 6hGjC0k5eQoRYEVskRdkjX29DvzlXEaFohjHYi4cMOyPoG2+hNGSHYSuvH/lQEYv ORPHo6S+rECRS8FpXSROBLNez8GiQ9ll2cxx5s2kB3jz9hMxrjBlJXUF+/+m15dP aQhB16gJpCUjBUVx45N6vVpb09UJ4kCQvcxZ3D489+/vFx8c3DinnLIyjlolVyou VNyunXXB9JEZ5eLd2osk9mSJ8w7AEDp+4ivBbhB9fxBNL0k0xs7/f1eg9W7n9art fO8xWkQWn0ePD/LQeHGg7M9LZ8thygsmvuNI8DFN113KxINNA3ZOxUpO83v+0bAc 0M1soO5KgA7LBK+Yu0hxKQzPV9l8U866Gax6MhTqK52b6g/uWUCr7xGhUofoQK3Y DpgC6xs/96vV5ZTJBm5mqaXlJYkQVswOvuGHb+KGlyYNCJoZ0sP4UVKDKxrj+za9 V3A0U7nNK5KqNYej0ZiYvAeof1dZLiviLtBgaP+HbapgBf2jfvR3OM17xESBICOk ukScBDrvNhpuuhSYYBOvUMW6spPVz8LvMZ+0b1IgSA9XQcep8SA= =Bm5e -----END PGP SIGNATURE-----