Ubuntu has announced security updates addressing vulnerabilities in libssh and File::Find::Rule, as detailed in the following security notices:
Libssh Vulnerabilities (USN-7619-1)
Release Date: July 07, 2025
Several security flaws have been identified in libssh, a lightweight C SSH library, affecting various Ubuntu releases, including 25.04, 24.10, 24.04 LTS, and 22.04 LTS. Key issues include:
- Incorrect handling of base64 conversions, potentially leading to denial of service or arbitrary code execution (CVE-2025-4877).
- Flaws in the `privatekey_from_file()` function and memory operations in the SFTP server (CVE-2025-4878, CVE-2025-5318, CVE-2025-5449).
- Problems with key exporting and the `ssh_kdf()` function, which could also result in denial of service or arbitrary code execution (CVE-2025-5351, CVE-2025-5372).
- Issues related to the ChaCha20 cipher affecting specific Ubuntu versions (CVE-2025-5987).
Update Recommendations:
To mitigate these vulnerabilities, users should update their systems to the specified package versions:
- Ubuntu 25.04: libssh-4 0.11.1-1ubuntu0.1
- Ubuntu 24.10: libssh-4 0.10.6-3ubuntu1.1
- Ubuntu 24.04 LTS: libssh-4 0.10.6-2ubuntu0.1
- Ubuntu 22.04 LTS: libssh-4 0.9.6-2ubuntu0.22.04.4
A standard system update should suffice for most users.
File::Find::Rule Vulnerability (USN-7620-1)
Release Date: July 07, 2025
A vulnerability has been reported in File::Find::Rule, a Perl module used for file searching based on defined rules. This issue potentially allows maliciously crafted filenames to execute arbitrary code (CVE-2011-10007), and it affects the same Ubuntu releases as libssh.
Update Recommendations:
To resolve this issue, users should update to the following package versions:
- Ubuntu 25.04: libfile-find-rule-perl 0.34-3ubuntu0.25.04.1
- Ubuntu 24.10: libfile-find-rule-perl 0.34-3ubuntu0.24.10.1
- Ubuntu 24.04 LTS: libfile-find-rule-perl 0.34-3ubuntu0.24.04.1
- Ubuntu 22.04 LTS: libfile-find-rule-perl 0.34-1ubuntu0.22.04.1
As with libssh, a standard system update is recommended for users.
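To confirm that the update landed, the installed package versions can be compared with the fixed versions listed above. The following Python is an added example, not part of the Ubuntu notices or the original article: it applies Debian version ordering to `dpkg-query -W` output. The names `FIXED`, `deb_key`, `audit` and `SAMPLE` are introduced here, and the sample input is constructed.

```python
import re

# Fixed versions from USN-7619-1 (libssh-4) and USN-7620-1 (libfile-find-rule-perl).
FIXED = {
    "25.04": {"libssh-4": "0.11.1-1ubuntu0.1",
              "libfile-find-rule-perl": "0.34-3ubuntu0.25.04.1"},
    "24.10": {"libssh-4": "0.10.6-3ubuntu1.1",
              "libfile-find-rule-perl": "0.34-3ubuntu0.24.10.1"},
    "24.04": {"libssh-4": "0.10.6-2ubuntu0.1",
              "libfile-find-rule-perl": "0.34-3ubuntu0.24.04.1"},
    "22.04": {"libssh-4": "0.9.6-2ubuntu0.22.04.4",
              "libfile-find-rule-perl": "0.34-1ubuntu0.22.04.1"},
}

def _key(part):
    # dpkg order inside non-digit runs: '~' < end of run < letters < anything else
    order = lambda c: -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
    return [(tuple(map(order, text)) + (0,), int(num or 0))
            for text, num in re.findall(r"([^0-9]*)([0-9]*)", part or "0")]

def deb_key(version):
    """Sort key that orders Debian version strings the way dpkg does."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), _key(upstream), _key(rev)

def audit(release, dpkg_output):
    """Return (package, installed, fixed) for each package older than its fix."""
    findings = []
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or package known to dpkg but not installed
        pkg = fields[0].split(":")[0]  # drop an architecture suffix such as ":amd64"
        fixed = FIXED.get(release, {}).get(pkg)
        if fixed and deb_key(fields[1]) < deb_key(fixed):
            findings.append((pkg, fields[1], fixed))
    return findings

# Constructed sample in the "name<TAB>version" layout printed by `dpkg-query -W`.
SAMPLE = "libssh-4:amd64\t0.10.6-2build2\nlibfile-find-rule-perl\t0.34-3ubuntu0.24.04.1\n"

if __name__ == "__main__":
    for pkg, installed, fixed in audit("24.04", SAMPLE):
        print(f"{pkg}: installed {installed}, needs {fixed} or later")
```

On a real host, pass the output of `dpkg-query -W libssh-4 libfile-find-rule-perl` and the `VERSION_ID` value from `/etc/os-release` in place of the sample.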
Conclusion
These updates underscore the importance of maintaining system security by regularly applying patches and updates, especially when vulnerabilities that could lead to denial of service or arbitrary code execution are identified. Users are encouraged to stay informed about security notices and promptly update their systems to ensure optimal protection against potential threats.