USN-7619-1: libssh vulnerabilities

Publication date: 7 July 2025
Overview: Several security issues were fixed in libssh.

Packages
libssh - A tiny C SSH library

Details
Ronald Crane discovered that libssh incorrectly handled certain base64
conversions. An attacker could use this issue to cause libssh to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2025-4877)

Ronald Crane discovered that libssh incorrectly handled the
privatekey_from_file() function. An attacker could use this issue to cause
libssh to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2025-4878)

Ronald Crane discovered that libssh incorrectly handled certain memory
operations in the sftp server. An attacker could possibly use this issue
to cause libssh to crash, resulting in a denial of service.
(CVE-2025-5318, CVE-2025-5449)

Ronald Crane discovered that libssh incorrectly handled exporting keys. An
attacker could possibly use this issue to cause libssh to crash, resulting
in a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu
24.10, and Ubuntu 25.04. (CVE-2025-5351)

Ronald Crane discovered that libssh incorrectly handled the ssh_kdf()
function. An attacker could use this issue to cause libssh to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2025-5372)

Ronald Crane discovered that libssh incorrectly handled the ChaCha20
cipher. An attacker could possibly use this issue to cause libssh to
use partially initialized cipher content. This issue only affected Ubuntu
24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-5987)

Update instructions
The problem can be corrected by updating your system to the following package versions:

  • 25.04 - plucky libssh-4 – 0.11.1-1ubuntu0.1
  • 24.10 - oracular libssh-4 – 0.10.6-3ubuntu1.1
  • 24.04 - noble libssh-4 – 0.10.6-2ubuntu0.1
  • 22.04 - jammy libssh-4 – 0.9.6-2ubuntu0.22.04.4
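
To confirm that a host carries the fix, compare its installed libssh-4 version with the fixed version listed above for its release. The script below is an added example, not part of the original notice; the function names and status labels are illustrative, and it relies on dpkg for Debian version ordering.

```shell
#!/bin/sh
# Fixed libssh-4 versions per Ubuntu release, as listed in USN-7619-1.
fixed_version_for() {
    case "$1" in
        plucky)   echo "0.11.1-1ubuntu0.1" ;;
        oracular) echo "0.10.6-3ubuntu1.1" ;;
        noble)    echo "0.10.6-2ubuntu0.1" ;;
        jammy)    echo "0.9.6-2ubuntu0.22.04.4" ;;
        *)        return 1 ;;   # release not covered by this notice
    esac
}

# Classify an installed version against the fix for a release codename.
# Prints one of: patched | needs-update | not-installed | unlisted-release
# (status labels are illustrative, not defined by the notice).
libssh_status() {
    codename=$1
    installed=$2
    fixed=$(fixed_version_for "$codename") || { echo "unlisted-release"; return 0; }
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    # Debian version ordering is not a plain string compare
    # (e.g. "2build2" sorts before "2ubuntu0.1"), so let dpkg decide.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Check the local host: read the codename from os-release and the
# installed version from the dpkg database (first architecture only).
check_local_libssh() {
    codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
    installed=$(dpkg-query -W -f='${Version}\n' libssh-4 2>/dev/null | head -n 1)
    echo "libssh-4 ${installed:-<none>} on $codename: $(libssh_status "$codename" "$installed")"
}

# Usage: source this file, then run check_local_libssh
```
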