Security update for libssh SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02279-1 Final 1 1 2025-07-10T16:03:25Z current 2025-07-10T16:03:25Z 2025-07-10T16:03:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/ltss/sle15.3/bci-base:latest-2025-2279,Container suse/sle-micro-rancher/5.2:latest-2025-2279,Container suse/sle-micro/5.1/toolbox:latest-2025-2279,Container suse/sle-micro/5.2/toolbox:latest-2025-2279,SUSE-2025-2279,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2279,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2279,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2279,SUSE-SUSE-MicroOS-5.1-2025-2279,SUSE-SUSE-MicroOS-5.2-2025-2279,SUSE-Storage-7.1-2025-2279 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502279-1/ Link for SUSE-SU-2025:02279-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040681.html E-Mail link for SUSE-SU-2025:02279-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1245309 SUSE Bug 1245309 https://bugzilla.suse.com/1245310 SUSE Bug 1245310 https://bugzilla.suse.com/1245311 SUSE Bug 1245311 https://bugzilla.suse.com/1245314 SUSE Bug 1245314 https://www.suse.com/security/cve/CVE-2025-4877/ SUSE CVE CVE-2025-4877 page https://www.suse.com/security/cve/CVE-2025-4878/ SUSE CVE CVE-2025-4878 page https://www.suse.com/security/cve/CVE-2025-5318/ SUSE CVE CVE-2025-5318 page https://www.suse.com/security/cve/CVE-2025-5372/ SUSE CVE CVE-2025-5372 page Container suse/ltss/sle15.3/bci-base:latest Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro/5.1/toolbox:latest Container suse/sle-micro/5.2/toolbox:latest SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 libssh-config-0.9.8-150200.13.9.1 libssh4-0.9.8-150200.13.9.1 libssh-devel-0.9.8-150200.13.9.1 libssh4-32bit-0.9.8-150200.13.9.1 libssh4-64bit-0.9.8-150200.13.9.1 libssh-config-0.9.8-150200.13.9.1 as a component of Container suse/ltss/sle15.3/bci-base:latest libssh4-0.9.8-150200.13.9.1 as a component of Container suse/ltss/sle15.3/bci-base:latest libssh-config-0.9.8-150200.13.9.1 as a component of Container suse/sle-micro-rancher/5.2:latest libssh4-0.9.8-150200.13.9.1 as a component of Container suse/sle-micro-rancher/5.2:latest libssh-config-0.9.8-150200.13.9.1 as a component of Container suse/sle-micro/5.1/toolbox:latest libssh4-0.9.8-150200.13.9.1 as a component of Container suse/sle-micro/5.1/toolbox:latest libssh-config-0.9.8-150200.13.9.1 as a component of Container suse/sle-micro/5.2/toolbox:latest libssh4-0.9.8-150200.13.9.1 as a component of Container suse/sle-micro/5.2/toolbox:latest libssh-config-0.9.8-150200.13.9.1 as a component of SUSE Enterprise Storage 7.1 libssh-devel-0.9.8-150200.13.9.1 as a component of SUSE Enterprise Storage 7.1 libssh4-0.9.8-150200.13.9.1 as a component of SUSE Enterprise Storage 7.1 libssh4-32bit-0.9.8-150200.13.9.1 as a component of SUSE Enterprise Storage 7.1 libssh-config-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libssh-devel-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libssh4-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libssh4-32bit-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libssh-config-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Micro 5.1 libssh4-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Micro 5.1 libssh-config-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Micro 5.2 libssh4-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Micro 5.2 libssh-config-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libssh-devel-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libssh4-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libssh4-32bit-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libssh-config-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libssh-devel-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libssh4-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libssh4-32bit-0.9.8-150200.13.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 unknown CVE-2025-4877 Container suse/ltss/sle15.3/bci-base:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/ltss/sle15.3/bci-base:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro/5.1/toolbox:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro/5.1/toolbox:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro/5.2/toolbox:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro/5.2/toolbox:latest:libssh4-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502279-1/ https://www.suse.com/security/cve/CVE-2025-4877.html CVE-2025-4877 https://bugzilla.suse.com/1245309 SUSE Bug 1245309 unknown CVE-2025-4878 Container suse/ltss/sle15.3/bci-base:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/ltss/sle15.3/bci-base:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro/5.1/toolbox:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro/5.1/toolbox:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro/5.2/toolbox:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro/5.2/toolbox:latest:libssh4-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502279-1/ https://www.suse.com/security/cve/CVE-2025-4878.html CVE-2025-4878 https://bugzilla.suse.com/1245310 SUSE Bug 1245310 A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior. CVE-2025-5318 Container suse/ltss/sle15.3/bci-base:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/ltss/sle15.3/bci-base:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro/5.1/toolbox:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro/5.1/toolbox:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro/5.2/toolbox:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro/5.2/toolbox:latest:libssh4-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502279-1/ https://www.suse.com/security/cve/CVE-2025-5318.html CVE-2025-5318 https://bugzilla.suse.com/1245311 SUSE Bug 1245311 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. CVE-2025-5372 Container suse/ltss/sle15.3/bci-base:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/ltss/sle15.3/bci-base:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro/5.1/toolbox:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro/5.1/toolbox:latest:libssh4-0.9.8-150200.13.9.1 Container suse/sle-micro/5.2/toolbox:latest:libssh-config-0.9.8-150200.13.9.1 Container suse/sle-micro/5.2/toolbox:latest:libssh4-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1 SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502279-1/ https://www.suse.com/security/cve/CVE-2025-5372.html CVE-2025-5372 https://bugzilla.suse.com/1245314 SUSE Bug 1245314