[CLSA-2025:1759782399] Fix CVE(s): CVE-2025-5372
Type:
security
Severity:
Important
Release date:
2025-10-06 20:26:46 UTC
Description:
* SECURITY UPDATE: improper return value handling in key derivation function
  - debian/patches/CVE-2025-5372.patch: reformat ssh_kdf() to fix formatting issue with EVP_KDF_ctrl calls
  - debian/patches/CVE-2025-5372-1.patch: simplify error checking and handling of return codes in ssh_kdf
  - CVE-2025-5372
Updated packages:
  • libssh-4_0.9.3-2ubuntu2.5+tuxcare.els2_amd64.deb
    sha:736e99056592f9ced27524ff5ed39586e4e9c849
  • libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els2_amd64.deb
    sha:99c30a4ddb8843eb90050bc7d2c494a319e642a1
  • libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els2_all.deb
    sha:5207e8f9fbba706bea6ce7bc52daf2c2c6fdcc9c
  • libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els2_amd64.deb
    sha:f776fbe535e0e1f6b14af271485686fc1e69df66
  • libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els2_amd64.deb
    sha:b722ccd1c624792243eff35023a823939278fb41
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.