Import from CS git

SOURCES/CVE-2025-5318.patch

@@ -0,0 +1,27 @@
+From 9a08a370f68266f92df5a6037bd722041703df27 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 22 Apr 2025 21:18:44 +0200
+Subject: [PATCH] CVE-2025-5318: sftpserver: Fix possible buffer overrun
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ src/sftpserver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 9117f155..b3349e16 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -538,7 +538,7 @@ void *sftp_handle(sftp_session sftp, ssh_string handle){
+ 
+   memcpy(&val, ssh_string_data(handle), sizeof(uint32_t));
+ 
+-  if (val > SFTP_HANDLES) {
++  if (val >= SFTP_HANDLES) {
+     return NULL;
+   }
+ 
+-- 
+2.50.1
+

SPECS/libssh.spec

@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.9.6
-Release:        14%{?dist}
+Release:        15%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -20,6 +20,7 @@ Patch5:         covscan23.patch
 Patch6:         CVE-2023-48795.patch
 Patch7:         CVE-2023-6004.patch
 Patch8:         CVE-2023-6918.patch
+Patch9:         CVE-2025-5318.patch
 
 BuildRequires:  cmake
 BuildRequires:  doxygen
@@ -148,6 +149,10 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 
 %changelog
+* Tue Sep 30 2025 Pavol Žáčik <pzacik@redhat.com> - 0.9.6-15
+- Fix CVE-2025-5318
+  Resolves: RHEL-111724
+
 * Mon Feb 26 2024 Sahana Prasad <sahana@redhat.com> - 0.9.6-14
 - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
 - Fix CVE-2023-6918 Missing checks for return values for digests