{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2025-5372: fix inconsistent return value interpretation in ssh_kdf()\n  function to prevent uninitialized key buffers leading to SSH session\n  compromise\n- CVE-2025-5987: fix missing error detection in ChaCha20 initialization that\n  could leave cipher context partially uninitialized",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/tuxcare9.6esu/advisories/2025/clsa-2025_1764696522.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764696522",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764696522"
      }
    ],
    "tracking": {
      "current_release_date": "2025-12-02T17:29:26Z",
      "generator": {
        "date": "2025-12-02T17:29:26Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1764696522",
      "initial_release_date": "2025-12-02T17:29:26Z",
      "revision_history": [
        {
          "date": "2025-12-02T17:29:26Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "libssh: Fix of 2 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.6",
                "product": {
                  "name": "AlmaLinux 9.6",
                  "product_id": "AlmaLinux-9.6",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.6:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Rocky Linux 9.6",
                "product": {
                  "name": "Rocky Linux 9.6",
                  "product_id": "Rocky Linux-9.6",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:resf:rocky_linux:9.6:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Rocky Linux"
          }
        ],
        "category": "vendor",
        "name": "Rocky Linux"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
                "product": {
                  "name": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
                  "product_id": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libssh@0.10.4-15.el9_6.tuxcare.els1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
                "product": {
                  "name": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
                  "product_id": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libssh-devel@0.10.4-15.el9_6.tuxcare.els1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
                "product": {
                  "name": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
                  "product_id": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libssh@0.10.4-15.el9_6.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
                "product": {
                  "name": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
                  "product_id": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libssh-devel@0.10.4-15.el9_6.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
                "product": {
                  "name": "libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
                  "product_id": "libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libssh-config@0.10.4-15.el9_6.tuxcare.els1?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686 as a component of AlmaLinux 9.6",
          "product_id": "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686"
        },
        "product_reference": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6",
          "product_id": "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
        },
        "product_reference": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686 as a component of AlmaLinux 9.6",
          "product_id": "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686"
        },
        "product_reference": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6",
          "product_id": "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
        },
        "product_reference": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch as a component of AlmaLinux 9.6",
          "product_id": "AlmaLinux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch"
        },
        "product_reference": "libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
        "relates_to_product_reference": "AlmaLinux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686 as a component of Rocky Linux 9.6",
          "product_id": "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686"
        },
        "product_reference": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
        "relates_to_product_reference": "Rocky Linux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6",
          "product_id": "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
        },
        "product_reference": "libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Rocky Linux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686 as a component of Rocky Linux 9.6",
          "product_id": "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686"
        },
        "product_reference": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
        "relates_to_product_reference": "Rocky Linux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6",
          "product_id": "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
        },
        "product_reference": "libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Rocky Linux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch as a component of Rocky Linux 9.6",
          "product_id": "Rocky Linux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch"
        },
        "product_reference": "libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
        "relates_to_product_reference": "Rocky Linux-9.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5987",
      "cwe": {
        "id": "CWE-393",
        "name": "Return of Wrong Status Code"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
          "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
          "AlmaLinux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
          "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
          "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
          "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
          "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
          "Rocky Linux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
          "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
          "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5987"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2025-5987",
          "url": "https://access.redhat.com/security/cve/CVE-2025-5987"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
        }
      ],
      "release_date": "2025-07-07T15:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-02T17:28:44.597538Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1764696522",
          "product_ids": [
            "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "AlmaLinux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
            "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
            "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764696522"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "AlmaLinux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
            "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
            "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-5372",
      "cwe": {
        "id": "CWE-682",
        "name": "Incorrect Calculation"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values—where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
          "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
          "AlmaLinux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
          "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
          "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
          "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
          "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
          "Rocky Linux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
          "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
          "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5372"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:21977",
          "url": "https://access.redhat.com/errata/RHSA-2025:21977"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2025-5372",
          "url": "https://access.redhat.com/security/cve/CVE-2025-5372"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2369388",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369388"
        }
      ],
      "release_date": "2025-07-04T06:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-02T17:28:44.597538Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1764696522",
          "product_ids": [
            "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "AlmaLinux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
            "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
            "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764696522"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "AlmaLinux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "AlmaLinux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
            "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "AlmaLinux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "Rocky Linux-9.6:libssh-0:0.10.4-15.el9_6.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:libssh-config-0:0.10.4-15.el9_6.tuxcare.els1.noarch",
            "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.i686",
            "Rocky Linux-9.6:libssh-devel-0:0.10.4-15.el9_6.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}