Ubuntu alert USN-8309-1 (libssh2) [LWN.net]


From:
               noreply+usn-bot@canonical.com
To:
               ubuntu-security-announce@lists.ubuntu.com
Subject:
               [USN-8309-1] libssh2 vulnerability
Date:
               Tue, 26 May 2026 18:57:59 +0000
Message-ID:
               <E1wRwyV-0005qN-Dx@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-8309-1
May 26, 2026

libssh2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

libssh2 could be made to crash if it received specially crafted
network traffic.

Software Description:
- libssh2: Client-side C library implementing the SSH2 protocol

Details:

It was discovered that libssh2 incorrectly handled username and password
length values during SSH password authentication. A remote attacker could
possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libssh2-1t64                    1.11.1-1ubuntu0.26.04.1

Ubuntu 25.10
  libssh2-1t64                    1.11.1-1ubuntu0.25.10.1

Ubuntu 24.04 LTS
  libssh2-1t64                    1.11.0-4.1ubuntu0.24.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8309-1
  CVE-2026-7598

Package Information:
  https://launchpad.net/ubuntu/+source/libssh2/1.11.1-1ubun...
  https://launchpad.net/ubuntu/+source/libssh2/1.11.1-1ubun...
  https://launchpad.net/ubuntu/+source/libssh2/1.11.0-4.1ub...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoV7MQACgkQcpJm3tlz
hgF0Iw/+MMpWLkt/nPaVOTcn0NeJyf9RhXU9vBmThjpFW3ycehjtUZXWoECnKP5m
UtA6M5hcC1jPqryNOL1rNgZ1Ka7fKCB4FksKLHFijCqkZaFi/vtBR3XlwcWA2nOM
29Id74kJLLR4gNt29HnB7IJZYxr0S2rves444Asx7JHT2+/LqJ6+fIV7jklRh/09
N6zk0F7ks/JqzPpk71b3Wyz9wknsrdkYku2sq3GZRer0T7W7zFRKPDR5dQ2RSxJH
8O1P4mfa0LlO06RG+I5qvy0/e0J+3htMnC906WkBKwSOOjqWfRacXIEscItt3IUL
AtIafc7RKZakwGnx7teBeS+gm55mVMsVPJQRAV/GX/AhwFt4Nh5W6/hFQ2pPDaSY
pq7V6koCDhDBzMAaN4BCEJywozn55WhlDQkYjYxESMKo2/43fr1gFOJfjfKUUlmB
NGOYiE0BlPmwl2YKdX7LpiHziUcloLMMBHkYIw2Up4HXGaNtQbXKmC8Aytz03wK6
hEX6uabzkeFWu1uVOc9h56WeT+0UiTyo0pseh5t7sQPHTYySY8EyNBYuPCGeEJ9n
OleWginZ2yO24WXsea+RMYnkQkex6UwWO876G5srgaZPTeA/FdzwGgT2cMavnng9
daNoha1aMzwj1KRpMS665sC0FZ+z5y5AZ3P+ezUnVYEOVojFNF4=
=Ygau
-----END PGP SIGNATURE-----
From:		noreply+usn-bot@canonical.com
To:		ubuntu-security-announce@lists.ubuntu.com
Subject:		[USN-8309-1] libssh2 vulnerability
Date:		Tue, 26 May 2026 18:57:59 +0000
Message-ID:		<E1wRwyV-0005qN-Dx@lists.ubuntu.com>