Описание
Security update for libssh
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974).
Список пакетов
Container bci/node:20
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container bci/nodejs:latest
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container bci/openjdk:17
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container bci/spack:0.23
libssh-config-0.9.8-150600.11.6.1
libssh-devel-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container bci/spack:latest
libssh-devel-0.9.8-150600.11.6.1
Container private-registry/harbor-trivy-adapter:latest
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container suse/git:latest
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container suse/kiosk/firefox-esr:latest
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container suse/sle15:15.6
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Container suse/sle15:latest
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
Image SLES15-SP7-Hardened-BYOS-Azure
libssh-config-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libssh-config-0.9.8-150600.11.6.1
libssh-devel-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
libssh4-32bit-0.9.8-150600.11.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libssh-config-0.9.8-150600.11.6.1
libssh-devel-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
libssh4-32bit-0.9.8-150600.11.6.1
openSUSE Leap 15.6
libssh-config-0.9.8-150600.11.6.1
libssh-devel-0.9.8-150600.11.6.1
libssh4-0.9.8-150600.11.6.1
libssh4-32bit-0.9.8-150600.11.6.1
Ссылки
- Link for SUSE-SU-2025:03369-1
- E-Mail link for SUSE-SU-2025:03369-1
- SUSE Security Ratings
- SUSE Bug 1246974
- SUSE Bug 1249375
- SUSE CVE CVE-2025-8114 page
- SUSE CVE CVE-2025-8277 page
Описание
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
Затронутые продукты
Container bci/node:20:libssh-config-0.9.8-150600.11.6.1
Container bci/node:20:libssh4-0.9.8-150600.11.6.1
Container bci/nodejs:latest:libssh-config-0.9.8-150600.11.6.1
Container bci/nodejs:latest:libssh4-0.9.8-150600.11.6.1
Ссылки
- CVE-2025-8114
- SUSE Bug 1246974
Описание
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.
Затронутые продукты
Container bci/node:20:libssh-config-0.9.8-150600.11.6.1
Container bci/node:20:libssh4-0.9.8-150600.11.6.1
Container bci/nodejs:latest:libssh-config-0.9.8-150600.11.6.1
Container bci/nodejs:latest:libssh4-0.9.8-150600.11.6.1
Ссылки
- CVE-2025-8277
- SUSE Bug 1249375