Release


libssh 0.7.3 (security and bugfix release)

This is an important SECURITY and maintenance release in order to address CVE-2016-0739 – Bits/bytes confusion resulting in truncated Diffie-Hellman secret length. libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes […]


libssh 0.7.0

The libssh team is happy to announce version 0.7.0 of the SSH library. The big feature of this release is support for ed25519 keys, which OpenSSH has supported since version 6.5. We also improved a lot of the internal code and fixed a long list of bugs. Some of the features got backported to the libssh 0.6 release. Thanks to all […]


libssh 0.6.5 (Security and bugfix release)

This is an important SECURITY and maintenance release in order to address CVE-2015-3146 – Possible double free on a dangling pointer with crafted kexinit packet. libssh versions 0.5.1 and above have a logical error in the handling of SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY packets. A detected error did not set the session into the error state correctly and further processed the […]


libssh 0.6.4 (Security and bugfix release)

This is an important SECURITY and maintenance release in order to address CVE-2014-8132 – Double free on dangling pointers in initial key exchange packet. libssh versions 0.5.1 and above could leave dangling pointers in the session crypto structures. Before this fix, it was possible to send a malicious kexinit packet to eventually cause a server to do a double-free. This […]