[ubuntu/resolute-proposed] libssh 0.11.3-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 18 14:14:16 UTC 2026
libssh (0.11.3-1ubuntu1) resolute; urgency=medium

  * SECURITY UPDATE: Improper sanitation of paths received from SCP servers
    - debian/patches/CVE-2026-0964.patch: reject invalid paths received
      through scp in src/scp.c.
    - CVE-2026-0964
  * SECURITY UPDATE: DoS via improper configuration file handling
    - debian/patches/CVE-2026-0965.patch: do not attempt to read
      non-regular and too large configuration files in
      include/libssh/misc.h, include/libssh/priv.h, src/bind_config.c,
      src/config.c, src/dh-gex.c, src/known_hosts.c, src/knownhosts.c,
      src/misc.c, tests/unittests/torture_config.c.
    - CVE-2026-0965
  * SECURITY UPDATE: Buffer underflow in ssh_get_hexa() on invalid input
    - debian/patches/CVE-2026-0966-1.patch: avoid heap buffer underflow in
      ssh_get_hexa in src/misc.c.
    - debian/patches/CVE-2026-0966-2.patch: test coverage for ssh_get_hexa
      in tests/unittests/torture_misc.c.
    - debian/patches/CVE-2026-0966-3.patch: update guided tour to use
      SHA256 fingerprints in doc/guided_tour.dox.
    - CVE-2026-0966
  * SECURITY UPDATE: DoS via inefficient regular expression processing
    - debian/patches/CVE-2026-0967.patch: avoid recursive matching (ReDoS)
      in src/match.c, tests/unittests/torture_config.c.
    - CVE-2026-0967
  * SECURITY UPDATE: DoS due to malformed SFTP message
    - debian/patches/CVE-2026-0968-1.patch: sanitize input handling in
      sftp_parse_longname() in src/sftp_common.c.
    - debian/patches/CVE-2026-0968-2.patch: reproducer for invalid longname
      data in tests/unittests/CMakeLists.txt,
      tests/unittests/torture_unit_sftp.c.
    - CVE-2026-0968

Date: Wed, 18 Feb 2026 08:45:14 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libssh/0.11.3-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 18 Feb 2026 08:45:14 -0500
Source: libssh
Built-For-Profiles: noudeb
Architecture: source
Version: 0.11.3-1ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Laurent Bigonville <bigon at debian.org>