Slackware has released a new version of the libssh package, specifically version 0.11.3, for both Slackware 15.0 and the -current branch. This update addresses critical security vulnerabilities, including potential use-after-free (UAF) issues and memory leaks. Users are encouraged to upgrade their libssh packages as root using the "upgradepkg" command along with the appropriate .txz file.
Key improvements in this update include:
- Fixing a NULL pointer dereference that could occur after an allocation failure.
- Resolving a memory leak related to ephemeral key pairs during repeated failed key exchanges.
- Addressing potential UAF scenarios when the send() function fails during key exchanges.
For further details, users can refer to CVE records associated with the vulnerabilities:
- CVE-2025-8114
- CVE-2025-8277
The updated packages can be downloaded from the Slackware FTP server or various mirrors listed on the official website. The package for Slackware 15.0 is available in both x86 and x86_64 formats, and similar versions are also provided for the -current branch. The MD5 checksums for verifying the integrity of the downloaded packages are also included.
To install the update, users should execute the following command as root:
The Slackware Linux Security Team emphasizes the importance of keeping software updated to mitigate security risks and recommends users check for updates regularly.
As an extension to this update, it's crucial for users and administrators to remain vigilant about security practices. Regularly reviewing system logs, conducting vulnerability scans, and subscribing to security mailing lists can help identify and address potential threats promptly. Additionally, users should consider implementing security measures such as firewalls and intrusion detection systems to further safeguard their systems against attacks. Staying informed about software updates, especially those related to security, is a vital aspect of maintaining a secure computing environment
Key improvements in this update include:
- Fixing a NULL pointer dereference that could occur after an allocation failure.
- Resolving a memory leak related to ephemeral key pairs during repeated failed key exchanges.
- Addressing potential UAF scenarios when the send() function fails during key exchanges.
For further details, users can refer to CVE records associated with the vulnerabilities:
- CVE-2025-8114
- CVE-2025-8277
The updated packages can be downloaded from the Slackware FTP server or various mirrors listed on the official website. The package for Slackware 15.0 is available in both x86 and x86_64 formats, and similar versions are also provided for the -current branch. The MD5 checksums for verifying the integrity of the downloaded packages are also included.
To install the update, users should execute the following command as root:
upgradepkg libssh-0.11.3-i586-1_slack15.0.txz
The Slackware Linux Security Team emphasizes the importance of keeping software updated to mitigate security risks and recommends users check for updates regularly.
As an extension to this update, it's crucial for users and administrators to remain vigilant about security practices. Regularly reviewing system logs, conducting vulnerability scans, and subscribing to security mailing lists can help identify and address potential threats promptly. Additionally, users should consider implementing security measures such as firewalls and intrusion detection systems to further safeguard their systems against attacks. Staying informed about software updates, especially those related to security, is a vital aspect of maintaining a secure computing environment
LibSSH update for Slackware
New libssh packages are available for Slackware 15.0 and -current to address several security issues, including potential UAF (use-after-free) vulnerabilities and memory leaks. The updated packages, version 0.11.3, address these issues and can be found on the Slackware FTP server or mirrored at additional sites listed on the project's website. Users are advised to upgrade their libssh package as root using the "upgradepkg" command with the corresponding .txz file.
libssh (SSA:2025-252-01)
