russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

PT-2026-45017

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

[SECURITY] [DLA 4590-1] erlang security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4590-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 18, 2026 https://wiki.debian.org/LTS -...

SSH Compression Error Checking

The remote host supports algorithms that can use compression. But when ssh attempts to use compression for that communication, the connections do not succeed. TRUSTED...