libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
- libssh: Double Free Vulnerability in libssh Key Export Functions (CVE-2025-5351)
- libssh: Use of uninitialized variable in privatekey_from_file() (CVE-2025-4878)
- libssh: Write beyond bounds in binary to base64 conversion functions (CVE-2025-4877)
- libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation (CVE-2025-8114)
- libssh: Memory Exhaustion via Repeated Key Exchange in libssh (CVE-2025-8277)
- libssh: Buffer underflow in ssh_get_hexa() on invalid input (CVE-2026-0966)
- libssh: Improper sanitation of paths received from SCP servers (CVE-2026-0964)
- libssh: libssh: Denial of Service via improper configuration file handling (CVE-2026-0965)
- libssh: libssh: Denial of Service via inefficient regular expression processing (CVE-2026-0967)
- libssh: libssh: Denial of Service due to malformed SFTP message (CVE-2026-0968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.