Release date:
2026-05-05 17:49:01 UTC
Description:
* SECURITY UPDATE: heap buffer underflow in ssh_get_hexa() when called
with a NULL pointer or zero-length input
- debian/patches/CVE-2026-0966.patch: add NULL/zero-length input
validation in ssh_get_hexa(); add unit-test coverage
- CVE-2026-0966
Updated packages:
-
libssh-4_0.9.3-2ubuntu2.5+tuxcare.els5_amd64.deb
sha:fb41dfebdc3ce9499a465900b9b41cd8b3563033
-
libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els5_amd64.deb
sha:01102ab4b0c8ad23c2666886bb25f34505c4b6ba
-
libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els5_all.deb
sha:2aea8561200604952cf92ec5be24a56695dd69e2
-
libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els5_amd64.deb
sha:7743b365feeacb1e7e30132850169b29ea085e69
-
libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els5_amd64.deb
sha:801816c256da15898b520ff2232657114adb053e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
