This is an important SECURITY and maintenance release in order to address CVE-2015-3146 – Possible double free on a dangling pointer with crafted kexinit packet. libssh versions 0.5.1 and above have a logical error in the handling of a SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY package. A detected error did not set the session into the error state … Continue reading libssh 0.6.5 (Security and bugfix release)