Release date:
2026-05-06 11:59:12 UTC
Description:
* SECURITY UPDATE: heap buffer underflow in ssh_get_hexa() on zero-length
or NULL input, remotely reachable via GSSAPI authentication logging
- debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in
ssh_get_hexa() in src/dh.c
- CVE-2026-0966: fix heap buffer underflow in ssh_get_hexa()
Updated packages:
-
libssh-4_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els5_amd64.deb
sha:c968f0586f3e3523286e30c7c978c8a7c28bbc25
-
libssh-dev_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els5_amd64.deb
sha:b2a557daeb43dddab7966cf212a48df878d698f1
-
libssh-doc_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els5_all.deb
sha:5798b5dcf9107ee01f9c1df7f482af7312aabef2
-
libssh-gcrypt-4_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els5_amd64.deb
sha:8e1385d026c361731622642487fe1f48f8624f0f
-
libssh-gcrypt-dev_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els5_amd64.deb
sha:98da09cc6c2924afe71a7f807344dc6f4221776d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
