1815 matches found
Advisory ROSA-SA-2025-2776
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 package_evr_string: libssh-0.9.6-14.rv3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...
Security update for curl
This update for curl fixes the following issues: Update to 8.12.1. Bugfixes: asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR'; asyn-thread: fix HTTPS RR crash; asyn-thread: fix the returned bitmask from Curl_resolver_getsock; asyn-thread: survive a c-ares channel set to NULL; cmake: always reference...
GHSA-F35J-MFVW-P857 vulnerabilities
Vulnerabilities for packages: libssh...
Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)
The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...
Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol
Summary: TSSC/IMC is vulnerable to a prefix truncation attack on Binary Packet Protocol. A patch has been provided that updates the libssh library. CVE-2023-48795. Vulnerability Details: CVEID: CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH...
Advisory ROSA-SA-2025-2674
Software: libssh 0.9.8 OS: ROSA-CHROME package_evr_string: libssh-0.9.8-1 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and...
K000149288: libssh vulnerabilities CVE-2019-3859 and CVE-2019-3860
Security Advisory Description: CVE-2019-3859: An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory...
F5 Networks BIG-IP : libssh vulnerabilities (K000149288)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the K000149288 advisory. CVE-2019-3859: An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require...
CVE-2021-3634 affecting package libssh 0.9.5-2
CVE-2021-3634 affecting package libssh 0.9.5-2. This CVE either no longer is or was never applicable...
PT-2025-27033
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh. No further details are available due to the lack of information in the provided descriptions. Recommendations: At the moment, ther...
PT-2026-1660
Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: A key passphrase bypass is present in libssh when an agent is not set. This issue was discovered through analysis using curl. The potential impact is currently unknown. The vulnerability affects...
PT-2025-27028
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh within Debian Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-30668
Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified Description: A flaw exists in libssh, a library implementing the SSH protocol. During the key exchange (KEX) process, an allocation failure within cryptographic functions can result in a NULL pointer...
PT-2025-36723
Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified Description: A memory exhaustion issue exists in libssh’s handling of key exchange (KEX) processes. When a client repeatedly sends incorrect KEX guesses, the library fails to free memory during rekey...
PT-2026-1659
Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified Description: The libssh software contains a flaw related to a global knownhost override. This issue could potentially allow an attacker to bypass host key verification, potentially leading to...
PT-2025-27029
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh within Debian Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-27031
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh within Debian Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-27030
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
Security Bulletin: Vulnerabilities in libssh (CVE-2023-6004, CVE-2023-6918) affect Power HMC.
Summary: The libssh library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the...