Critical Memory Disclosure Vulnerability in libssh2 Affects Debian and openSUSE

A critical memory disclosure vulnerability in libssh2 has been addressed in recent updates for Debian and openSUSE. Debian fixed the issue in version 1.11.1-1+deb13u1, while openSUSE released libssh2-1-1.11.1-3.1 on Tumbleweed. The vulnerability could potentially lead to Denial of Service (DoS) attacks, affecting systems that rely on libssh2 for SSH and SFTP functionalities. Users are advised to upgrade their libssh2 packages to mitigate risks. The specific CVEs related to this vulnerability have not been disclosed in the articles. The updates are crucial for maintaining system security and preventing potential exploitation. Both distributions emphasize the importance of applying these updates promptly.

Key Points: • A critical memory disclosure vulnerability in libssh2 has been patched in Debian and openSUSE. • Debian users should upgrade to version 1.11.1-1+deb13u1 to mitigate risks. • openSUSE Tumbleweed users need to update to libssh2-1-1.11.1-3.1 to secure their systems.