File _patchinfo of Package patchinfo.39451
<patchinfo incident="39451">
  <issue tracker="cve" id="2025-5372"/>
  <issue tracker="cve" id="2025-5318"/>
  <issue tracker="cve" id="2025-4878"/>
  <issue tracker="cve" id="2025-4877"/>
  <issue tracker="bnc" id="1245314">VUL-0: CVE-2025-5372: libssh,libssh2_org: ssh_kdf() returns a success code on certain failures</issue>
  <issue tracker="bnc" id="1245309">VUL-0: CVE-2025-4877: libssh,libssh2_org: Write beyond bounds in binary to base64 conversion functions</issue>
  <issue tracker="bnc" id="1245310">VUL-0: CVE-2025-4878: libssh,libssh2_org: Use of uninitialized variable in privatekey_from_file()</issue>
  <issue tracker="bnc" id="1245311">VUL-0: CVE-2025-5318: libssh,libssh2_org: Likely read beyond bounds in sftp server handle management</issue>
  <packager>lmulling</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libssh</summary>
  <description>This update for libssh fixes the following issues:

- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
</description>
</patchinfo>