USN-7619-1

Source
https://ubuntu.com/security/notices/USN-7619-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7619-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7619-1
Published
2025-07-07T12:29:26.323110Z
Modified
2025-07-16T08:36:26.522367Z
Summary
libssh vulnerabilities
Details

Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-4877)

Ronald Crane discovered that libssh incorrectly handled the privatekey_from_file() function. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-4878)

Ronald Crane discovered that libssh incorrectly handled certain memory operations in the sftp server. An attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2025-5318, CVE-2025-5449)

Ronald Crane discovered that libssh incorrectly handled exporting keys. An attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-5351)

Ronald Crane discovered that libssh incorrectly handled the ssh_kdf() function. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-5372)

Ronald Crane discovered that libssh incorrectly handled the ChaCha20 cipher. An attacker could possibly use this issue to cause libssh to use partially initialized cipher content. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-5987)

Affected packages

Ubuntu:22.04:LTS / libssh

Package

Name
libssh
Purl
pkg:deb/ubuntu/libssh@0.9.6-2ubuntu0.22.04.4?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.6-2ubuntu0.22.04.4

Affected versions

0.*

0.9.6-1
0.9.6-1build1
0.9.6-2
0.9.6-2build1
0.9.6-2ubuntu0.22.04.1
0.9.6-2ubuntu0.22.04.2
0.9.6-2ubuntu0.22.04.3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.9.6-2ubuntu0.22.04.4",
            "binary_name": "libssh-4"
        },
        {
            "binary_version": "0.9.6-2ubuntu0.22.04.4",
            "binary_name": "libssh-4-dbgsym"
        },
        {
            "binary_version": "0.9.6-2ubuntu0.22.04.4",
            "binary_name": "libssh-dev"
        },
        {
            "binary_version": "0.9.6-2ubuntu0.22.04.4",
            "binary_name": "libssh-doc"
        },
        {
            "binary_version": "0.9.6-2ubuntu0.22.04.4",
            "binary_name": "libssh-gcrypt-4"
        },
        {
            "binary_version": "0.9.6-2ubuntu0.22.04.4",
            "binary_name": "libssh-gcrypt-4-dbgsym"
        },
        {
            "binary_version": "0.9.6-2ubuntu0.22.04.4",
            "binary_name": "libssh-gcrypt-dev"
        }
    ]
}

Ubuntu:24.04:LTS / libssh

Package

Name
libssh
Purl
pkg:deb/ubuntu/libssh@0.10.6-2ubuntu0.1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.10.6-2ubuntu0.1

Affected versions

0.*

0.10.5-3ubuntu1
0.10.5-3ubuntu2
0.10.6-2
0.10.6-2build1
0.10.6-2build2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.10.6-2ubuntu0.1",
            "binary_name": "libssh-4"
        },
        {
            "binary_version": "0.10.6-2ubuntu0.1",
            "binary_name": "libssh-4-dbgsym"
        },
        {
            "binary_version": "0.10.6-2ubuntu0.1",
            "binary_name": "libssh-dev"
        },
        {
            "binary_version": "0.10.6-2ubuntu0.1",
            "binary_name": "libssh-doc"
        },
        {
            "binary_version": "0.10.6-2ubuntu0.1",
            "binary_name": "libssh-gcrypt-4"
        },
        {
            "binary_version": "0.10.6-2ubuntu0.1",
            "binary_name": "libssh-gcrypt-4-dbgsym"
        },
        {
            "binary_version": "0.10.6-2ubuntu0.1",
            "binary_name": "libssh-gcrypt-dev"
        }
    ]
}

Ubuntu:25.04 / libssh

Package

Name
libssh
Purl
pkg:deb/ubuntu/libssh@0.11.1-1ubuntu0.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.11.1-1ubuntu0.1

Affected versions

0.*

0.10.6-3ubuntu1
0.11.1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.11.1-1ubuntu0.1",
            "binary_name": "libssh-4"
        },
        {
            "binary_version": "0.11.1-1ubuntu0.1",
            "binary_name": "libssh-4-dbgsym"
        },
        {
            "binary_version": "0.11.1-1ubuntu0.1",
            "binary_name": "libssh-dev"
        },
        {
            "binary_version": "0.11.1-1ubuntu0.1",
            "binary_name": "libssh-doc"
        }
    ]
}