libssh-0.11.4

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
2026-02-11 18:50:28 +09:00 · 2026-02-06 10:11:42 +01:00
parent c53b0ef3ec
commit ca9c055d7c
4 changed files with 462 additions and 3 deletions
--- a/14
+++ b/14
@@ -1,6 +1,20 @@
 CHANGELOG
 =========

+version 0.11.4 (released 2026-02-10)
+ * Security:
+   * CVE-2025-14821: libssh loads configuration files from the C:\etc directory
+     on Windows
+   * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
+   * CVE-2026-0965: Possible Denial of Service when parsing unexpected
+     configuration files
+   * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
+   * CVE-2026-0967: Specially crafted patterns could cause DoS
+   * CVE-2026-0968: OOB Read in sftp_parse_longname()
+   * libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
+     extensions
+ * Stability and compatibility improvements of ProxyJump
+
 version 0.11.3 (released 2025-09-09)
 * Security:
   * CVE-2025-8114: Fix NULL pointer dereference after allocation failure