curl: CVE-2025-15079: libssh global knownhost override

A vulnerability was discovered in libssh where the SSHOPTIONSGLOBALKNOWNHOSTS option was used to specify a global knownhosts file. If the host was not found in the file specified by SSHOPTIONSKNOWNHOSTS, the global file was checked, potentially allowing any host identities specified in the defaul...

Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read

Summary TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function...

AlmaLinux 9 : libssh (ALSA-2025:23483)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:23483 advisory. libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 Tenable has extracted the preceding description block directly from the...

AlmaLinux 10 : libssh (ALSA-2025:23484)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:23484 advisory. libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 Tenable has extracted the preceding description block directly from the...

RLSA-2025:23483 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 For more details about the security issues, including the impact, a CVSS score,...

libssh security update

An update is available for libssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...

RockyLinux 9 : libssh (RLSA-2025:23483)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23483 advisory. libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 Tenable has extracted the preceding description block directly from the...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2025-2584)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2025-2549)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHSA-2025:23483 Red Hat Security Advisory: libssh security update

Bulletin has no description...

RHSA-2025:23484 Red Hat Security Advisory: libssh security update

Bulletin has no description...

libssh security update

An update is available for libssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...

RLSA-2025:23484 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 For more details about the security issues, including the impact, a CVSS score,...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

EulerOS Virtualization 2.13.1 : libssh (EulerOS-SA-2025-2549)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to...

RHEL 9 : libssh (RHSA-2025:23483)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23483 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

RockyLinux 10 : libssh (RLSA-2025:23484)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23484 advisory. libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 Tenable has extracted the preceding description block directly from the...

Oracle Linux 10 : libssh (ELSA-2025-23484)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-23484 advisory. 0.11.1-5 - Fix CVE-2025-5987 Resolves: RHEL-130040 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

libssh security update

0.10.4-17 - Bump spec to resolve build tagging issues 0.10.4-16 - Fix CVE-2025-5987 Resolves: RHEL-130051 - Workaround sshd failure rate limiting in tests Resolves: RHEL-135506...

Oracle Linux 9 : libssh (ELSA-2025-23483)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-23483 advisory. - Fix CVE-2025-5987 Resolves: RHEL-130051 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...