In addition the 0.9.6 version addresses some memory leaks in error path, an AEAD handshake and some more.
You can download libssh here.
- CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism
- Fix several memory leaks on error paths
- Reset pending_call_state on disconnect
- Fix handshake bug with AEAD ciphers and no HMAC overlap
- Use OPENSSL_CRYPTO_LIBRARIES in CMake
- Ignore request success and failure message if they are not expected
- Support more identity files in configuration
- Avoid setting compiler flags directly in CMake
- Support build directories with special characters
- Include stdlib.h to avoid crash in Windows
- Fix sftp_new_channel constructs an invalid object
- Fix Ninja multiple rules error
- Several tests fixes