FEDORA-2025-aaa849ae74

Packages in this update:

libssh2-1.11.1-1.fc40

Update description:

This update, to the current upstream libssh2 release, addresses a couple of security issues:

CVE-2023-6918 (missing checks for return values for digests)
CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) – “Terrapin”)

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

Read More