diff --git a/CVE-2025-5987.patch b/CVE-2025-5987.patch
new file mode 100644
index 0000000..d09a6cb
--- /dev/null
+++ b/CVE-2025-5987.patch
@@ -0,0 +1,31 @@
+From ec82ef931c5b60618c728c2252086f94f90c05a8 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Tue, 6 May 2025 22:51:41 +0200
+Subject: [PATCH] CVE-2025-5987 libcrypto: Correctly detect failures of chacha
+ initialization
+
+Signed-off-by: Jakub Jelen
+Reviewed-by: Andreas Schneider
+---
+ src/libcrypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index 468b63f0..2d0148ad 100644
+--- a/src/libcrypto.c
++++ b/src/libcrypto.c
+@@ -831,9 +831,9 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
+ SSH_LOG(SSH_LOG_TRACE, "EVP_CIPHER_CTX_new failed");
+ goto out;
+ }
+- ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
++ rv = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
+ u8key + CHACHA20_KEYLEN, NULL);
+- if (ret != 1) {
++ if (rv != 1) {
+ SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit failed");
+ goto out;
+ }
+--
+2.51.0
+
diff --git a/libssh.spec b/libssh.spec
index 5f08f59..062931d 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,6 +1,6 @@
 Name: libssh
 Version: 0.10.4
-Release: 15%{?dist}
+Release: 16%{?dist}
 Summary: A library implementing the SSH protocol
 License: LGPLv2+
 URL: http://www.libssh.org
@@ -56,6 +56,7 @@ Patch14: CVE-2023-48795.patch
 Patch15: CVE-2023-6918.patch
 Patch16: escape-brackets-in-proxycommand.patch
 Patch17: CVE-2025-5318.patch
+Patch18: CVE-2025-5987.patch
 %description
 The ssh library was designed to be used by programmers needing a working SSH
@@ -148,6 +149,10 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 %changelog
+* Thu Dec 11 2025 Pavol Žáčik - 0.10.4-16
+- Fix CVE-2025-5987
+ Resolves: RHEL-130051
+
 * Wed Oct 01 2025 Pavol Žáčik - 0.10.4-15
 - Bump spec to make the 9.7 NVR higher than the 9.6 one
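Review bot: In the backported hunk for `chacha20_poly1305_set_key` in src/libcrypto.c (carried in CVE-2025-5987.patch), the switch from `ret` to `rv` is the whole fix, yet nothing in the code records why the two variables must stay separate. The declarations and the `out:` path lie outside the hunk; presumably `ret` is the function's own status and starts as an error value, while `EVP_EncryptInit_ex` signals failure with 0, which would read as success if it were stored there. A one-line comment above the call would keep a later cleanup from merging them again: `/* rv, not ret: OpenSSL returns 0 on failure, which must not become our return value */`. The log text also names `EVP_CipherInit` although the failing call is `EVP_EncryptInit_ex`; `"EVP_EncryptInit_ex failed"` would let the trace point at the right call when this path is hit.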