{"id":"RHSA-2026:18683","summary":"Red Hat Security Advisory: libssh security update","modified":"2026-05-20T10:32:40.993611421Z","published":"2026-05-20T10:09:25Z","upstream":["CVE-2025-4877","CVE-2025-4878","CVE-2025-5351","CVE-2025-8114","CVE-2025-8277","CVE-2026-0964","CVE-2026-0965","CVE-2026-0966","CVE-2026-0967","CVE-2026-0968"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:18683"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369367"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376184"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376193"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383220"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383888"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433121"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436979"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436980"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436981"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436982"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHEL-150661"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_18683.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-4877"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-4877"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4877"},{"type":"ARTICLE","url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d"},{"type":"ARTICLE","url":"https://www.libssh.org/security/advisories/CVE-2025-4877.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-4878"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-4878"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4878"},{"type":"ARTICLE","url":"https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1"},{"type":"ARTICLE","url":"https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb"},{"type":"ARTICLE","url":"https://www.libssh.org/security/advisories/CVE-2025-4878.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-5351"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-5351"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5351"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8114"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-8114"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8114"},{"type":"ARTICLE","url":"https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d"},{"type":"ARTICLE","url":"https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9"},{"type":"ARTICLE","url":"https://www.libssh.org/security/advisories/CVE-2025-8114.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8277"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-8277"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8277"},{"type":"ARTICLE","url":"https://www.libssh.org/security/advisories/CVE-2025-8277.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-0964"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-0964"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0964"},{"type":"ARTICLE","url":"https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-0965"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-0965"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0965"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-0966"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-0966"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0966"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-0967"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-0967"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0967"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-0968"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-0968"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0968"}],"affected":[{"package":{"name":"libssh","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh-config","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libssh-config"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libssh-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh-debugsource","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libssh-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh-devel","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/libssh-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh-config","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libssh-config"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libssh-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh-debugsource","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libssh-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}},{"package":{"name":"libssh-devel","ecosystem":"Red Hat:enterprise_linux:9::baseos","purl":"pkg:rpm/redhat/libssh-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.4-18.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:18683.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}]}