CLSA-2025-1764696522

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2025-1764696522.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1764696522
Upstream
Published
2025-12-02T17:28:46Z
Modified
2026-06-01T00:32:36.428069445Z
Summary
libssh: Fix of 2 CVEs
Details
  • CVE-2025-5372: fix inconsistent return value interpretation in ssh_kdf() function to prevent uninitialized key buffers leading to SSH session compromise
  • CVE-2025-5987: fix missing error detection in ChaCha20 initialization that could leave cipher context partially uninitialized
References

Affected packages

TuxCare:AlmaLinux:9.6 / libssh

Package

Name
libssh
Purl
pkg:rpm/tuxcare/libssh?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.4-15.el9_6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2025-1764696522.json"

TuxCare:AlmaLinux:9.6 / libssh-config

Package

Name
libssh-config
Purl
pkg:rpm/tuxcare/libssh-config?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.4-15.el9_6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2025-1764696522.json"

TuxCare:AlmaLinux:9.6 / libssh-devel

Package

Name
libssh-devel
Purl
pkg:rpm/tuxcare/libssh-devel?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.4-15.el9_6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2025-1764696522.json"