CVE-2025-15079 libssh global known_hosts override

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

openSUSE 15 Security Update : curl (SUSE-SU-2026:0050-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0050-1 advisory. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. -...

SUSE-SU-2026:0052-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

Security update for curl

This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. CVE-2025-15224: OpenSSL partial chain...

SUSE-SU-2026:0051-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

SUSE-SU-2026:0050-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

Security update for curl

This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. CVE-2025-15224: OpenSSL partial chain...

CURL-CVE-2025-15079 libssh global known_hosts override

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

CURL-CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVE-2025-8114 vulnerabilities

Vulnerabilities for packages: libssh...

GHSA-FPR2-PGQ7-QWG4 vulnerabilities

Vulnerabilities for packages: libssh...

CVE-2025-8114 vulnerabilities

Vulnerabilities for packages: libssh...

GHSA-FPR2-PGQ7-QWG4 vulnerabilities

Vulnerabilities for packages: libssh...

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

UBUNTU-CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

PT-2026-20976

Name of the Vulnerable Software and Affected Versions libssh-config affected versions not specified Description The software is susceptible to a denial of service due to improper handling of configuration files. Recommendations At the moment, there is no information about a newer version that...

PT-2026-20978

Name of the Vulnerable Software and Affected Versions libssh-config versions prior to 0.11.4-1.1 Description The software is susceptible to a denial of service condition resulting from inefficient handling of regular expressions. Recommendations Update to libssh-config version 0.11.4-1.1 or later...

PT-2026-20975

Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description The software contains an issue related to improper sanitation of paths received from SCP servers. This could potentially lead to security consequences. Recommendations At the moment, there is ...

PT-2026-20977

Name of the Vulnerable Software and Affected Versions libssh-config versions prior to 0.11.4-1.1 Description A buffer underflow issue exists in the ssh get hexa function when processing invalid input. This can potentially lead to unexpected behavior or compromise the system. Recommendations Updat...

EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2025-2610)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX...