[Apollo] Advisories Statistics light light Login

RLSA-2026:18683

Security Mirrored from RHSA-2026:18683
Issued at: 2026-05-28
Updated at: 2026-05-29

Synopsis

Moderate: libssh security update



Description

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

* libssh: Double Free Vulnerability in libssh Key Export Functions (CVE-2025-5351)

* libssh: Use of uninitialized variable in privatekey_from_file() (CVE-2025-4878)

* libssh: Write beyond bounds in binary to base64 conversion functions (CVE-2025-4877)

* libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation (CVE-2025-8114)

* libssh: Memory Exhaustion via Repeated Key Exchange in libssh (CVE-2025-8277)

* libssh: Buffer underflow in ssh_get_hexa() on invalid input (CVE-2026-0966)

* libssh: Improper sanitation of paths received from SCP servers (CVE-2026-0964)

* libssh: libssh: Denial of Service via improper configuration file handling (CVE-2026-0965)

* libssh: libssh: Denial of Service via inefficient regular expression processing (CVE-2026-0967)

* libssh: libssh: Denial of Service due to malformed SFTP message (CVE-2026-0968)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9 Release Notes linked from the References section.



Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2369367 2376184 2376193 2383220 2383888 2433121 2436979 2436980 2436981 2436982

CVEs

CVE-2025-4877 CVE-2025-4878 CVE-2025-5351 CVE-2025-8114 CVE-2025-8277 CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968

Affected packages

Rocky Linux 9 aarch64 - BaseOS

libssh-0:0.10.4-18.el9.aarch64.rpm libssh-0:0.10.4-18.el9.src.rpm libssh-config-0:0.10.4-18.el9.noarch.rpm libssh-debuginfo-0:0.10.4-18.el9.aarch64.rpm libssh-debugsource-0:0.10.4-18.el9.aarch64.rpm

Rocky Linux 9 x86_64 - BaseOS

libssh-0:0.10.4-18.el9.i686.rpm libssh-0:0.10.4-18.el9.src.rpm libssh-0:0.10.4-18.el9.x86_64.rpm libssh-config-0:0.10.4-18.el9.noarch.rpm libssh-debuginfo-0:0.10.4-18.el9.i686.rpm libssh-debuginfo-0:0.10.4-18.el9.x86_64.rpm libssh-debugsource-0:0.10.4-18.el9.i686.rpm libssh-debugsource-0:0.10.4-18.el9.x86_64.rpm

Rocky Linux 9 ppc64le - BaseOS

libssh-0:0.10.4-18.el9.ppc64le.rpm libssh-0:0.10.4-18.el9.src.rpm libssh-config-0:0.10.4-18.el9.noarch.rpm libssh-debuginfo-0:0.10.4-18.el9.ppc64le.rpm libssh-debugsource-0:0.10.4-18.el9.ppc64le.rpm

Rocky Linux 9 s390x - BaseOS

libssh-0:0.10.4-18.el9.s390x.rpm libssh-0:0.10.4-18.el9.src.rpm libssh-config-0:0.10.4-18.el9.noarch.rpm libssh-debuginfo-0:0.10.4-18.el9.s390x.rpm libssh-debugsource-0:0.10.4-18.el9.s390x.rpm

Rocky Linux 9 aarch64 - AppStream

libssh-devel-0:0.10.4-18.el9.aarch64.rpm

Rocky Linux 9 x86_64 - AppStream

libssh-devel-0:0.10.4-18.el9.i686.rpm libssh-devel-0:0.10.4-18.el9.x86_64.rpm

Rocky Linux 9 ppc64le - AppStream

libssh-devel-0:0.10.4-18.el9.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

libssh-devel-0:0.10.4-18.el9.s390x.rpm