Release date:
2026-05-06 11:55:20 UTC
Description:
* SECURITY UPDATE: heap buffer underflow in ssh_get_hexa() on zero-length
or NULL input, remotely reachable via GSSAPI authentication logging
- debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in
ssh_get_hexa() in src/dh.c
- CVE-2026-0966: fix heap buffer underflow in ssh_get_hexa()
Updated packages:
-
libssh-4_0.6.3-4.3ubuntu0.6+tuxcare.els5_amd64.deb
sha:98c5a9c63d327f30cb870d5bc727bf276e18e30e
-
libssh-dev_0.6.3-4.3ubuntu0.6+tuxcare.els5_amd64.deb
sha:cf671c8575112610fb01c0d059a14cf80e27c512
-
libssh-doc_0.6.3-4.3ubuntu0.6+tuxcare.els5_all.deb
sha:76cceb522f2a5ac3327053dcf2a641a21cdaa14b
-
libssh-gcrypt-4_0.6.3-4.3ubuntu0.6+tuxcare.els5_amd64.deb
sha:1a4301ec4d6baddeff792932c61c847dcc487f77
-
libssh-gcrypt-dev_0.6.3-4.3ubuntu0.6+tuxcare.els5_amd64.deb
sha:c42ab2fee9d245d906a8b0667962f646621b0b03
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
