libssh 0.6.5 (Security and bugfix release)   Recently updated !

This is an important SECURITY and maintenance release in order to address CVE-2015-3146 – Possible double free on a dangling pointer with crafted kexinit packet. libssh versions 0.5.1 and above have a logical error in the handling of a SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY package. A detected error did not set the session into the error state correctly and further processed the […]


Redmine server down

The server at https://red.libssh.org/ that hosts the redmine bug tracker and the downloads is currently down. We are aware of the issue and couldn’t fix it quickly. In the meantime, all downloads are available from alternative URLs. A mirror of windows binary files can be found here, and the 0.6.4 source code can be downloaded from the git server there. […]


libssh 0.6.4 (Security and bugfix release)

This is an important SECURITY and maintenance release in order to address CVE-2014-8132 – Double free on dangling pointers in initial key exchange packet. libssh versions 0.5.1 and above could leave dangling pointers in the session crypto structures. It is possible to send a malicious kexinit package to eventually cause a server to do a double-free before this fix. This […]