An update for libssh is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2132 Final 1.0 1.0 2025-09-05 Initial 2025-09-05 2025-09-05 openEuler SA Tool V1.0 2025-09-05 libssh security update An update for libssh is now available for openEuler-24.03-LTS-SP1 The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl). Security Fix(es): A vulnerability classified as critical was found in libssh up to 0.11.1.The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 0.11.2 eliminates this vulnerability.(CVE-2025-4877) A vulnerability, which was classified as problematic, has been found in libssh up to 0.11.1.Using CWE to declare the problem leads to CWE-824. The product accesses or uses a pointer that has not been initialized.Impacted is confidentiality, integrity, and availability.Upgrading to version 0.11.2 eliminates this vulnerability.(CVE-2025-4878) A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.(CVE-2025-5351) A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.(CVE-2025-5372) A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.(CVE-2025-5987) An update for libssh is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libssh https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2132 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-4877 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-4878 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-5351 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-5372 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-4877 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5372 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 openEuler-24.03-LTS-SP1 libssh-0.10.5-5.oe2403sp1.aarch64.rpm libssh-debuginfo-0.10.5-5.oe2403sp1.aarch64.rpm libssh-debugsource-0.10.5-5.oe2403sp1.aarch64.rpm libssh-devel-0.10.5-5.oe2403sp1.aarch64.rpm libssh-0.10.5-5.oe2403sp1.src.rpm libssh-0.10.5-5.oe2403sp1.x86_64.rpm libssh-debuginfo-0.10.5-5.oe2403sp1.x86_64.rpm libssh-debugsource-0.10.5-5.oe2403sp1.x86_64.rpm libssh-devel-0.10.5-5.oe2403sp1.x86_64.rpm libssh-help-0.10.5-5.oe2403sp1.noarch.rpm A vulnerability classified as critical was found in libssh up to 0.11.1.The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 0.11.2 eliminates this vulnerability. 2025-09-05 CVE-2025-4877 openEuler-24.03-LTS-SP1 Medium 4.5 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L libssh security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2132 A vulnerability, which was classified as problematic, has been found in libssh up to 0.11.1.Using CWE to declare the problem leads to CWE-824. The product accesses or uses a pointer that has not been initialized.Impacted is confidentiality, integrity, and availability.Upgrading to version 0.11.2 eliminates this vulnerability. 2025-09-05 CVE-2025-4878 openEuler-24.03-LTS-SP1 Low 3.6 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N libssh security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2132 A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed. 2025-09-05 CVE-2025-5351 openEuler-24.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H libssh security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2132 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. 2025-09-05 CVE-2025-5372 openEuler-24.03-LTS-SP1 High 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H libssh security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2132 A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes. 2025-09-05 CVE-2025-5987 openEuler-24.03-LTS-SP1 High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H libssh security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2132