RHSA-2026:18683: Moderate: libssh security update

  • What: Security update for libssh
  • Impact: Red Hat Enterprise Linux 9 systems affected

Red Hat Product Errata: RHSA-2026:18683 - Security Advisory

Issued: 2026-05-19
Updated: 2026-05-19

Synopsis

Moderate: libssh security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libssh is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

  • libssh: Double Free Vulnerability in libssh Key Export Functions (CVE-2025-5351)
  • libssh: Use of uninitialized variable in privatekey_from_file() (CVE-2025-4878)
  • libssh: Write beyond bounds in binary to base64 conversion functions (CVE-2025-4877)
  • libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation (CVE-2025-8114)
  • libssh: Memory Exhaustion via Repeated Key Exchange in libssh (CVE-2025-8277)
  • libssh: Buffer underflow in ssh_get_hexa() on invalid input (CVE-2026-0966)
  • libssh: Improper sanitation of paths received from SCP servers (CVE-2026-0964)
  • libssh: libssh: Denial of Service via improper configuration file handling (CVE-2026-0965)
  • libssh: libssh: Denial of Service via inefficient regular expression processing (CVE-2026-0967)
  • libssh: libssh: Denial of Service due to malformed SFTP message (CVE-2026-0968)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2369367 - CVE-2025-5351 libssh: Double Free Vulnerability in libssh Key Export Functions
  • BZ - 2376184 - CVE-2025-4878 libssh: Use of uninitialized variable in privatekey_from_file()
  • BZ - 2376193 - CVE-2025-4877 libssh: Write beyond bounds in binary to base64 conversion functions
  • BZ - 2383220 - CVE-2025-8114 libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation
  • BZ - 2383888 - CVE-2025-8277 libssh: Memory Exhaustion via Repeated Key Exchange in libssh
  • BZ - 2433121 - CVE-2026-0966 libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()
  • BZ - 2436979 - CVE-2026-0964 libssh: Improper sanitation of paths received from SCP servers
  • BZ - 2436980 - CVE-2026-0965 libssh: libssh: Denial of Service via improper configuration file handling
  • BZ - 2436981 - CVE-2026-0967 libssh: libssh: Denial of Service via inefficient regular expression processing
  • BZ - 2436982 - CVE-2026-0968 libssh: libssh: Denial of Service due to malformed SFTP message
  • RHEL-150661 - Backport low/medium CVE fixes to RHEL 9

CVEs

  • CVE-2025-4877
  • CVE-2025-4878
  • CVE-2025-5351
  • CVE-2025-8114
  • CVE-2025-8277
  • CVE-2026-0964
  • CVE-2026-0965
  • CVE-2026-0966
  • CVE-2026-0967
  • CVE-2026-0968

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index

Note: More recent versions of these packages may be available.
Updated Packages

Red Hat Enterprise Linux for x86_64 9

  • SRPM: libssh-0.10.4-18.el9.src.rpm
  • libssh-0.10.4-18.el9.i686.rpm
  • libssh-0.10.4-18.el9.x86_64.rpm
  • libssh-config-0.10.4-18.el9.noarch.rpm
  • libssh-debuginfo-0.10.4-18.el9.i686.rpm
  • libssh-debuginfo-0.10.4-18.el9.x86_64.rpm
  • libssh-debugsource-0.10.4-18.el9.i686.rpm
  • libssh-debugsource-0.10.4-18.el9.x86_64.rpm
  • libssh-devel-0.10.4-18.el9.i686.rpm
  • libssh-devel-0.10.4-18.el9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

  • SRPM: libssh-0.10.4-18.el9.src.rpm
  • libssh-0.10.4-18.el9.s390x.rpm
  • libssh-config-0.10.4-18.el9.noarch.rpm
  • libssh-debuginfo-0.10.4-18.el9.s390x.rpm
  • libssh-debugsource-0.10.4-18.el9.s390x.rpm
  • libssh-devel-0.10.4-18.el9.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

  • SRPM: libssh-0.10.4-18.el9.src.rpm
  • libssh-0.10.4-18.el9.ppc64le.rpm
  • libssh-config-0.10.4-18.el9.noarch.rpm
  • libssh-debuginfo-0.10.4-18.el9.ppc64le.rpm
  • libssh-debugsource-0.10.4-18.el9.ppc64le.rpm
  • libssh-devel-0.10.4-18.el9.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

  • SRPM: libssh-0.10.4-18.el9.src.rpm
  • libssh-0.10.4-18.el9.aarch64.rpm
  • libssh-config-0.10.4-18.el9.noarch.rpm
  • libssh-debuginfo-0.10.4-18.el9.aarch64.rpm
  • libssh-debugsource-0.10.4-18.el9.aarch64.rpm
  • libssh-devel-0.10.4-18.el9.aarch64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.