Read Time:32 Second

FEDORA-EPEL-2025-f3e455b799

Packages in this update:

libssh2-1.11.1-1.el10_0

Update description:

This update, to the current upstream libssh2 release, addresses a couple of security issues:

CVE-2023-6918 (missing checks for return values for digests)
CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) – “Terrapin”)

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

More Stories

USN-7453-1: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

USN-7452-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

USN-7451-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

USN-7450-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

USN-7449-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

USN-7446-1: mod_auth_openidc vulnerability

It was discovered that mod_auth_openidc incorrectly handled certain POST requests. An attacker could possibly use this issue to obtain sensitive...