libssh-0.10.4-17.el9_7

エラータID: AXSA:2025-11566:05

Release date: 
Monday, December 22, 2025 - 18:51
Subject: 
libssh-0.10.4-17.el9_7
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend (CVE-2025-5987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-5987
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

Solution: 

Update packages.

CVEs: 
CVE-2025-5987
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
Additional Info: 

N/A

Download: 

SRPMS
  1. libssh-0.10.4-17.el9_7.src.rpm
    MD5: e55021090687c2e223df278b17bd73ef
    SHA-256: 2da40e38f8e275de5a8a1e468654cf2ad86b7e8710ae9860c2e5266bfda6fdd1
    Size: 655.81 kB

Asianux Server 9 for x86_64
  1. libssh-0.10.4-17.el9_7.i686.rpm
    MD5: 57a4769a170862eb8624431a631765a2
    SHA-256: 0b0a5dac398699dc3615ea5c987d9bb5f12e2f762b9ef45cca243d479ebeaae1
    Size: 228.88 kB
  2. libssh-0.10.4-17.el9_7.x86_64.rpm
    MD5: efc78ae8f7cdfcc648cac6557bd45e63
    SHA-256: 54da6842c63ef01e681ac97a544acbe5d1680658b687eb36b9bf4dd377a574ab
    Size: 213.77 kB
  3. libssh-config-0.10.4-17.el9_7.noarch.rpm
    MD5: 112014bf3ad5ff7671fe50f75f33229a
    SHA-256: 7c0ec1dfe16c5cfc6ae2efb190f1767b1af98465fc5c2ffbb87eed2b14b61f6e
    Size: 8.12 kB
  4. libssh-devel-0.10.4-17.el9_7.i686.rpm
    MD5: 2f07c1f90273437db9c439e19570775d
    SHA-256: 97b6ffbd68b21f1cf2b66698b9fe55d76043ecb09055b852b4c8730ed18bbb3d
    Size: 37.67 kB
  5. libssh-devel-0.10.4-17.el9_7.x86_64.rpm
    MD5: 6f16b7a73ecf34b21d2942ce2b93f6e2
    SHA-256: 2d0d831e93ca9dd7048d816efa02703ee1d8f7e2f8043439201d90c91671eae4
    Size: 37.66 kB