Release date:
2025-12-02 17:28:46 UTC
Description:
- CVE-2025-5372: fix inconsistent return value interpretation in ssh_kdf()
function to prevent uninitialized key buffers leading to SSH session
compromise
- CVE-2025-5987: fix missing error detection in ChaCha20 initialization that
could leave cipher context partially uninitialized
Updated packages:
-
libssh-0.10.4-15.el9_6.tuxcare.els1.i686.rpm
sha:334e6b9753df98f31183ae28b818100bec531ca6bceaa4fd8c8646ea3518ac3f
-
libssh-0.10.4-15.el9_6.tuxcare.els1.x86_64.rpm
sha:bcda513f09766fed5f00c5394b91b144121761d718209428eece3d94b70919b5
-
libssh-config-0.10.4-15.el9_6.tuxcare.els1.noarch.rpm
sha:71dd6f681c45f3809229cd711b6f73be0ca1de0ba5d47d171cc86f6e0171714f
-
libssh-devel-0.10.4-15.el9_6.tuxcare.els1.i686.rpm
sha:86cdfb677e84d7cb6e3a649870a939f44eeca612110ac180ba4e5f83427a553a
-
libssh-devel-0.10.4-15.el9_6.tuxcare.els1.x86_64.rpm
sha:16e2b06afd8f8267dc87359900d70515876d8eb956c0db90c595591793698b4b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
