Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

Azure Linux 3.0 Security Update: libssh (CVE-2023-6004)

The version of libssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6004 advisory. - A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked...

MiracleLinux 9 : libssh-0.10.4-11.el9 (AXSA:2023-6991:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6991:04 advisory. libssh: NULL pointer dereference during rekeying with algorithm guessing CVE-2023-1667 libssh: authorization bypass in pkiverifydatasignature...

MiracleLinux 8 : libssh-0.9.6-14.el8 (AXSA:2024-8172:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8172:04 advisory. libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values fo...

MiracleLinux 9 : libssh-0.10.4-13.el9 (AXSA:2024-7773:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7773:03 advisory. libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values fo...

MiracleLinux 8 : libssh-0.9.6-10.el8 (AXSA:2023-6150:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6150:03 advisory. libssh: NULL pointer dereference during rekeying with algorithm guessing CVE-2023-1667 libssh: authorization bypass in pkiverifydatasignature...

MiracleLinux 8 : libssh-0.9.6-13.el8_9 (AXSA:2024-7496:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7496:01 advisory. ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 Tenable has extracted the preceding description block directly from the MiracleLin...

MiracleLinux 8 : libssh-0.9.4-2.el8 (AXSA:2021-1281:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1281:01 advisory. libssh: denial of service when handling AES-CTR or DES ciphers CVE-2020-1730 libssh: unsanitized location in scp could lead to unwanted command...

MiracleLinux 8 : libssh-0.9.4-3.el8 (AXSA:2021-2641:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2641:02 advisory. libssh: NULL pointer dereference in sftpserver.c if sshbuffernew returns NULL CVE-2020-16135 Tenable has extracted the preceding description block directly...

Curl 7.58.0 < 8.18.0 Multiple Vulnerabilities

The version of curl installed on the remote host is 7.58 = 8.17.0. It is, therefore, affected by multiple vulnerabilities when built with the libssh backend: - A key passphrase bypass vulnerability exists where curl wrongly authenticates using a locally running SSH agent even when specifically...

MiracleLinux 8 : libssh-0.9.6-3.el8 (AXSA:2022-3399:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3399:01 advisory. libssh: possible heap-based buffer overflow when rekeying CVE-2021-3634 Tenable has extracted the preceding description block directly from the MiracleLinux...

EulerOS 2.0 SP12 : libssh (EulerOS-SA-2026-1073)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free...

EulerOS 2.0 SP10 : libssh (EulerOS-SA-2026-1031)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free...

EulerOS 2.0 SP12 : libssh (EulerOS-SA-2026-1093)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free...

EulerOS 2.0 SP10 : libssh (EulerOS-SA-2026-1052)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free...

OPENSUSE-SU-2026:20031-1 Security update for curl

This update for curl fixes the following issues: This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override...

SUSE-SU-2026:20110-1 Security update for curl

This update for curl fixes the following issues: This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override...

SUSE-SU-2026:20082-1 Security update for curl

This update for curl fixes the following issues: This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override...

RHSA-2026:0431 Red Hat Security Advisory: libssh security update

Bulletin has no description...

RHSA-2026:0430 Red Hat Security Advisory: libssh security update

Bulletin has no description...