Summary:
libssh security update
Severity: High
Advisory ID: KylinSec-SA-2025-2863
Published: 12 September 2025
The ssh library was designed for programmers who need a working SSH implementation in the form of a library. The programmer has complete control of the client. With libssh, you can remotely execute programs, transfer files, and use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can work with remote files easily, without third-party programs other than libcrypto (from openssl).
Security Fix(es):
A vulnerability classified as critical was found in libssh up to 0.11.1. The CWE definition for the vulnerability is CWE-119: the product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. The impact is known to affect confidentiality, integrity, and availability. Upgrading to version 0.11.2 eliminates this vulnerability. (CVE-2025-4877)
A vulnerability classified as problematic was found in libssh up to 0.11.1. Using CWE to describe the problem leads to CWE-824: the product accesses or uses a pointer that has not been initialized. Confidentiality, integrity, and availability are impacted. Upgrading to version 0.11.2 eliminates this vulnerability. (CVE-2025-4878)
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Because of an inconsistent interpretation of return values, where OpenSSL uses 0 to indicate failure while libssh uses 0 for success, the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising the confidentiality, integrity, and availability of SSH sessions. (CVE-2025-5372)
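The return-convention mismatch behind CVE-2025-5372, as an added C illustration that is not libssh's code: `mock_openssl_kdf`, `ssh_kdf_buggy`, `ssh_kdf_fixed` and `caller_proceeds_on_failure` are hypothetical stand-ins, and the `force_fail` flag only simulates a derivation failure.

```c
#include <stdint.h>
#include <string.h>
/* Constructed illustration, not libssh's source. An OpenSSL-style derivation
 * returns 1 on success and 0 on failure; a libssh-style API returns SSH_OK (0)
 * on success and SSH_ERROR (-1) on failure. Forwarding one as the other
 * turns a failed derivation into a reported success. */
#define SSH_OK     0
#define SSH_ERROR (-1)
typedef int (*kdf_fn)(const uint8_t *, size_t, uint8_t *, size_t, int);

/* Hypothetical stand-in for an OpenSSL-style KDF: 1 on success, 0 on failure,
 * and it writes to *out only on success. */
static int mock_openssl_kdf(const uint8_t *key, size_t key_len,
                            uint8_t *out, size_t out_len, int force_fail)
{
    if (force_fail || key_len == 0)
        return 0;                                  /* failure, out untouched */
    for (size_t i = 0; i < out_len; i++)
        out[i] = key[i % key_len] ^ (uint8_t)i;    /* toy derivation */
    return 1;
}
/* Buggy wrapper: forwards the OpenSSL result unchanged, so failure (0) reaches
 * the caller as SSH_OK (0) and the never-written buffer is used as a key. */
int ssh_kdf_buggy(const uint8_t *key, size_t key_len,
                  uint8_t *out, size_t out_len, int force_fail)
{
    return mock_openssl_kdf(key, key_len, out, out_len, force_fail);
}
/* Corrected wrapper: maps the convention explicitly and scrubs the buffer
 * on failure so stale bytes can never be mistaken for derived key material. */
int ssh_kdf_fixed(const uint8_t *key, size_t key_len,
                  uint8_t *out, size_t out_len, int force_fail)
{
    if (mock_openssl_kdf(key, key_len, out, out_len, force_fail) != 1) {
        memset(out, 0, out_len);
        return SSH_ERROR;
    }
    return SSH_OK;
}
/* A caller that trusts the return code. Returns 1 when it would proceed with
 * key bytes the derivation never wrote (the bug), 0 when failure is reported. */
int caller_proceeds_on_failure(kdf_fn kdf)
{
    const uint8_t secret[4] = { 0x01, 0x02, 0x03, 0x04 };  /* constructed */
    uint8_t key[16];
    memset(key, 0xAA, sizeof key);                 /* stale "uninitialized" */
    int rc = kdf(secret, sizeof secret, key, sizeof key, 1 /* force failure */);
    return rc == SSH_OK && key[0] == 0xAA;
}
```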
CVE | Product | Component | Status |
---|---|---|---|
CVE-2025-4878 | KY3.4-5A | libssh | Fixed |
CVE-2025-4877 | KY3.4-5A | libssh | Fixed |
CVE-2025-5372 | KY3.4-5A | libssh | Fixed |
Package | Architecture | Version |
---|---|---|
libssh-help | noarch | 0.9.4-11.kb1.ky3_4 |
libssh | x86_64 | 0.9.4-11.kb1.ky3_4 |
libssh-devel | x86_64 | 0.9.4-11.kb1.ky3_4 |
libssh | aarch64 | 0.9.4-11.kb1.ky3_4 |
libssh-devel | aarch64 | 0.9.4-11.kb1.ky3_4 |
Method 1: download the package and upgrade with it
1. Download the required upgrade package from the download link and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm
Method 2: upgrade from the software repository
1. Make sure the system can reach the internet
2. Upgrade the specified package with the yum command, e.g. yum install <package name>