stable

libssh2-1.11.1-1.fc40

FEDORA-2025-aaa849ae74 created by pghmcfc a year ago for Fedora 40

This update, to the current upstream libssh2 release, addresses a couple of security issues:

  • CVE-2023-6918 (missing checks for return values for digests)
  • CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-aaa849ae74

This update has been submitted for testing by pghmcfc.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been pushed to testing.

a year ago
derekenz commented & provided feedback 12 months ago

Works

This update can be pushed to stable now if the maintainer wishes

12 months ago

This update has been submitted for stable by bodhi.

12 months ago

This update has been pushed to stable.

12 months ago


Metadata

  • Type: security
  • Severity: medium
  • Karma: 2
  • Signed
  • Content Type: RPM
  • Test Gating

Autopush Settings

  • Unstable by Karma: -1
  • Stable by Karma: 3
  • Stable by Time: 14 days

Dates

  • submitted: a year ago
  • in testing: a year ago
  • in stable: 12 months ago
  • approved: 12 months ago

  • BZ#2254210 CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
  • BZ#2254997 CVE-2023-6918 libssh: Missing checks for return values for digests
  • BZ#2255048 CVE-2023-48795 libssh2: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [fedora-all]
  • BZ#2255160 TRIAGE CVE-2023-6918 libssh2: libssh: Missing checks for return values for digests [fedora-all]
