[ubuntu/oracular-security] libssh 0.10.6-3ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Jul 7 12:14:49 UTC 2025


libssh (0.10.6-3ubuntu1.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Write beyond bounds in binary to base64 conversion
    functions
    - debian/patches/CVE-2025-4877.patch: prevent integer overflow and
      potential OOB.
    - CVE-2025-4877
  * SECURITY UPDATE: Use of uninitialized variable in
    privatekey_from_file()
    - debian/patches/CVE-2025-4878-1.patch: initialize pointers where
      possible.
    - debian/patches/CVE-2025-4878-2.patch: properly check return value to
      avoid NULL pointer dereference.
    - CVE-2025-4878
  * SECURITY UPDATE: OOB read in sftp_handle function
    - debian/patches/CVE-2025-5318.patch: fix possible buffer overrun.
    - CVE-2025-5318
  * SECURITY UPDATE: Double free in functions exporting keys
    - debian/patches/CVE-2025-5351.patch: avoid double-free on low-memory
      conditions.
    - CVE-2025-5351
  * SECURITY UPDATE: ssh_kdf() returns a success code on certain failures
    - debian/patches/CVE-2025-5372-pre1.patch: reformat ssh_kdf().
    - debian/patches/CVE-2025-5372.patch: simplify error checking and
      handling of return codes in ssh_kdf().
    - CVE-2025-5372
  * SECURITY UPDATE: Invalid return code for chacha20 poly1305 with OpenSSL
    backend
    - debian/patches/CVE-2025-5987.patch: correctly detect failures of
      chacha initialization.
    - CVE-2025-5987
  * SECURITY UPDATE: Missing packet filter may expose to a variant of the
    Terrapin attack
    - debian/patches/missing_packet_filter.patch: implement missing packet
      filter for DH GEX.
    - No CVE number

Date: 2025-07-02 22:08:25.435310+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libssh/0.10.6-3ubuntu1.1
Sorry, changesfile not available.
