Red Hat Product Errata RHSA-2025:23484 - Security Advisory
Issued:
2025-12-17
Updated:
2025-12-17

RHSA-2025:23484 - Security Advisory

Synopsis

Moderate: libssh security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libssh is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

  • libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend (CVE-2025-5987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64

Fixes

  • BZ - 2376219 - CVE-2025-5987 libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

Red Hat Enterprise Linux for x86_64 10

SRPM
libssh-0.11.1-5.el10_1.src.rpm SHA-256: 31a712dc71e9f85cf44cb93c07f7dac1528fbdd2d2392b9b602c3d91c8200a8f
x86_64
libssh-0.11.1-5.el10_1.x86_64.rpm SHA-256: 51a3ec3ca0bf3c401ca4e479fe9e935b6995730edb1fa9b9c518901146390cfa
libssh-config-0.11.1-5.el10_1.noarch.rpm SHA-256: 240e7bc0b97105539be81f5ccc9adbc270ae8ca073d08fc30eefa47eb6ac57ac
libssh-debuginfo-0.11.1-5.el10_1.x86_64.rpm SHA-256: f7144ac095d1525abe9a90f5176396cdd5dfcb06f7b66bf81545acc46fedfe30
libssh-debuginfo-0.11.1-5.el10_1.x86_64.rpm SHA-256: f7144ac095d1525abe9a90f5176396cdd5dfcb06f7b66bf81545acc46fedfe30
libssh-debugsource-0.11.1-5.el10_1.x86_64.rpm SHA-256: 07ac6fd143c71d2269b8db39b34b793545785adf04938b407f8f20a1ec8a2470
libssh-debugsource-0.11.1-5.el10_1.x86_64.rpm SHA-256: 07ac6fd143c71d2269b8db39b34b793545785adf04938b407f8f20a1ec8a2470
libssh-devel-0.11.1-5.el10_1.x86_64.rpm SHA-256: a72dbc286669ff3d9dbc0fbde8cf9546222df2caaf166587fe28e86262216db0

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
libssh-0.11.1-5.el10_1.src.rpm SHA-256: 31a712dc71e9f85cf44cb93c07f7dac1528fbdd2d2392b9b602c3d91c8200a8f
s390x
libssh-0.11.1-5.el10_1.s390x.rpm SHA-256: 20c7b77375579a7a9ed70d5c70a62cfe9a26884a42b77c5de1245b8367e591ef
libssh-config-0.11.1-5.el10_1.noarch.rpm SHA-256: 240e7bc0b97105539be81f5ccc9adbc270ae8ca073d08fc30eefa47eb6ac57ac
libssh-debuginfo-0.11.1-5.el10_1.s390x.rpm SHA-256: d168b2ab860c64d0f8cab504a9eaeb270c751da845d90acefcaadceb4c3e40d8
libssh-debuginfo-0.11.1-5.el10_1.s390x.rpm SHA-256: d168b2ab860c64d0f8cab504a9eaeb270c751da845d90acefcaadceb4c3e40d8
libssh-debugsource-0.11.1-5.el10_1.s390x.rpm SHA-256: 8f4f38b9593b33c47fe769e60320cd29491064307d52780d3ce81a40b139e116
libssh-debugsource-0.11.1-5.el10_1.s390x.rpm SHA-256: 8f4f38b9593b33c47fe769e60320cd29491064307d52780d3ce81a40b139e116
libssh-devel-0.11.1-5.el10_1.s390x.rpm SHA-256: cec68bbce38cf6b8b5948e49c05a210ee0ce0353668266695727ff905976d536

Red Hat Enterprise Linux for Power, little endian 10

SRPM
libssh-0.11.1-5.el10_1.src.rpm SHA-256: 31a712dc71e9f85cf44cb93c07f7dac1528fbdd2d2392b9b602c3d91c8200a8f
ppc64le
libssh-0.11.1-5.el10_1.ppc64le.rpm SHA-256: 101aa56efef53dd3d40abe321dd2c674a431952a3e96fd42020392167b55b07e
libssh-config-0.11.1-5.el10_1.noarch.rpm SHA-256: 240e7bc0b97105539be81f5ccc9adbc270ae8ca073d08fc30eefa47eb6ac57ac
libssh-debuginfo-0.11.1-5.el10_1.ppc64le.rpm SHA-256: 57005c4419599f4ba40064ad4c9ecc85b231ef1878e6df36d6812f3ff60674e7
libssh-debuginfo-0.11.1-5.el10_1.ppc64le.rpm SHA-256: 57005c4419599f4ba40064ad4c9ecc85b231ef1878e6df36d6812f3ff60674e7
libssh-debugsource-0.11.1-5.el10_1.ppc64le.rpm SHA-256: bd02fdc4b55bb23bba2a371ada149fab9db037b300f4701fb54284b70ec2a4da
libssh-debugsource-0.11.1-5.el10_1.ppc64le.rpm SHA-256: bd02fdc4b55bb23bba2a371ada149fab9db037b300f4701fb54284b70ec2a4da
libssh-devel-0.11.1-5.el10_1.ppc64le.rpm SHA-256: c469e2df223b7a94b8d50f0ed526eac8c1cc97850b9549f057aba8a89a32ca40

Red Hat Enterprise Linux for ARM 64 10

SRPM
libssh-0.11.1-5.el10_1.src.rpm SHA-256: 31a712dc71e9f85cf44cb93c07f7dac1528fbdd2d2392b9b602c3d91c8200a8f
aarch64
libssh-0.11.1-5.el10_1.aarch64.rpm SHA-256: d72fd4eb78321583bce372700ffd5591ea275f5e8e8600ef92ad81407b533aa1
libssh-config-0.11.1-5.el10_1.noarch.rpm SHA-256: 240e7bc0b97105539be81f5ccc9adbc270ae8ca073d08fc30eefa47eb6ac57ac
libssh-debuginfo-0.11.1-5.el10_1.aarch64.rpm SHA-256: 4a40734bd5c207dc8a54dfe9e5325a1c4499f35776346c8b43b33c25cb58513d
libssh-debuginfo-0.11.1-5.el10_1.aarch64.rpm SHA-256: 4a40734bd5c207dc8a54dfe9e5325a1c4499f35776346c8b43b33c25cb58513d
libssh-debugsource-0.11.1-5.el10_1.aarch64.rpm SHA-256: e727a87ccefe37cdb903f0009bb6135f375b981d6952e454dfdc08aeb103aca6
libssh-debugsource-0.11.1-5.el10_1.aarch64.rpm SHA-256: e727a87ccefe37cdb903f0009bb6135f375b981d6952e454dfdc08aeb103aca6
libssh-devel-0.11.1-5.el10_1.aarch64.rpm SHA-256: a5b00eebcd1a85065609fe68ae721427e566c576726d7dd9ad5cc6b6eb83af66

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.