Bug#1120325: trixie-pu: package libssh/0.11.2-1+deb13u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1120325: trixie-pu: package libssh/0.11.2-1+deb13u1
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 07 Nov 2025 17:39:15 +0100
Message-id: <[🔎] 176253355556.33882.13094133114200267601.reportbug@soju.westfalen.local>
Reply-to: Moritz Muehlenhoff <jmm@debian.org>, 1120325@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: libssh@packages.debian.org, mpitt@debian.org
Control: affects -1 + src:libssh
User: release.debian.org@packages.debian.org
Usertags: pu

Fixes two low severity issues, manual tests and autopkgtests via
debusine were fine. Debdiff below.

Cheers,
        Moritz

diff -Nru libssh-0.11.2/debian/changelog libssh-0.11.2/debian/changelog
--- libssh-0.11.2/debian/changelog	2025-06-28 07:42:47.000000000 +0200
+++ libssh-0.11.2/debian/changelog	2025-11-04 00:32:14.000000000 +0100
@@ -1,3 +1,10 @@
+libssh (0.11.2-1+deb13u1) trixie; urgency=medium
+
+  * CVE-2025-8277 (Closes: #1114859)
+  * CVE-2025-8114 (Closes: #1109860)
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Tue, 04 Nov 2025 00:32:14 +0100
+
 libssh (0.11.2-1) unstable; urgency=medium
 
   * New upstream security/bug fix release:
diff -Nru libssh-0.11.2/debian/patches/CVE-2025-8114.patch libssh-0.11.2/debian/patches/CVE-2025-8114.patch
--- libssh-0.11.2/debian/patches/CVE-2025-8114.patch	1970-01-01 01:00:00.000000000 +0100
+++ libssh-0.11.2/debian/patches/CVE-2025-8114.patch	2025-11-04 00:32:14.000000000 +0100
@@ -0,0 +1,32 @@
+From 65f363c9e3a22b90af7f74b5c439a133b1047379 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 6 Aug 2025 15:17:59 +0200
+Subject: CVE-2025-8114: Fix NULL pointer dereference after allocation failure
+
+--- libssh-0.11.2.orig/src/kex.c
++++ libssh-0.11.2/src/kex.c
+@@ -1487,6 +1487,8 @@ int ssh_make_sessionid(ssh_session sessi
+     ssh_log_hexdump("hash buffer", ssh_buffer_get(buf), ssh_buffer_get_len(buf));
+ #endif
+ 
++    /* Set rc for the following switch statement in case we goto error. */
++    rc = SSH_ERROR;
+     switch (session->next_crypto->kex_type) {
+     case SSH_KEX_DH_GROUP1_SHA1:
+     case SSH_KEX_DH_GROUP14_SHA1:
+@@ -1546,6 +1548,7 @@ int ssh_make_sessionid(ssh_session sessi
+                session->next_crypto->secret_hash);
+         break;
+     }
++
+     /* During the first kex, secret hash and session ID are equal. However, after
+      * a key re-exchange, a new secret hash is calculated. This hash will not replace
+      * but complement existing session id.
+@@ -1554,6 +1557,7 @@ int ssh_make_sessionid(ssh_session sessi
+         session->next_crypto->session_id = malloc(session->next_crypto->digest_len);
+         if (session->next_crypto->session_id == NULL) {
+             ssh_set_error_oom(session);
++            rc = SSH_ERROR;
+             goto error;
+         }
+         memcpy(session->next_crypto->session_id, session->next_crypto->secret_hash,
diff -Nru libssh-0.11.2/debian/patches/CVE-2025-8277.patch libssh-0.11.2/debian/patches/CVE-2025-8277.patch
--- libssh-0.11.2/debian/patches/CVE-2025-8277.patch	1970-01-01 01:00:00.000000000 +0100
+++ libssh-0.11.2/debian/patches/CVE-2025-8277.patch	2025-11-04 00:32:14.000000000 +0100
@@ -0,0 +1,153 @@
+Consists of these fixes upstream:
+
+From 87db2659ec608a977a63eea529f17b9168388d73 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 5 Aug 2025 18:42:31 +0200
+Subject: CVE-2025-8277: packet: Adjust packet filter to work when DH-GEX is
+ guessed wrongly
+
+From 266174a6d36687b65cf90174f06af90b8b27c65f Mon Sep 17 00:00:00 2001
+From: Francesco Rollo <eferollo@gmail.com>
+Date: Thu, 24 Jul 2025 16:30:07 +0300
+Subject: CVE-2025-8277: Fix memory leak of unused ephemeral key pair after
+ client's wrong KEX guess
+
+From 8e4d67aa9eda455bfad9ac610e54b7a548d0aa08 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 6 Aug 2025 11:10:38 +0200
+Subject: CVE-2025-8277: ecdh: Free previously allocated pubkeys
+
+From 1c763e29d138db87665e98983f468d2dd0f286c1 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 6 Aug 2025 15:32:56 +0200
+Subject: CVE-2025-8277: mbedtls: Avoid leaking ecdh keys
+
+--- libssh-0.11.2.orig/src/dh_crypto.c
++++ libssh-0.11.2/src/dh_crypto.c
+@@ -407,6 +407,11 @@ int ssh_dh_init_common(struct ssh_crypto
+     struct dh_ctx *ctx = NULL;
+     int rc;
+ 
++    /* Cleanup any previously allocated dh_ctx */
++    if (crypto->dh_ctx != NULL) {
++        ssh_dh_cleanup(crypto);
++    }
++
+     ctx = calloc(1, sizeof(*ctx));
+     if (ctx == NULL) {
+         return SSH_ERROR;
+--- libssh-0.11.2.orig/src/dh_key.c
++++ libssh-0.11.2/src/dh_key.c
+@@ -237,6 +237,11 @@ int ssh_dh_init_common(struct ssh_crypto
+     struct dh_ctx *ctx = NULL;
+     int rc;
+ 
++    /* Cleanup any previously allocated dh_ctx */
++    if (crypto->dh_ctx != NULL) {
++        ssh_dh_cleanup(crypto);
++    }
++
+     ctx = calloc(1, sizeof(*ctx));
+     if (ctx == NULL) {
+         return SSH_ERROR;
+--- libssh-0.11.2.orig/src/ecdh_crypto.c
++++ libssh-0.11.2/src/ecdh_crypto.c
+@@ -191,6 +191,17 @@ static ssh_string ssh_ecdh_generate(ssh_
+ #endif /* OPENSSL_VERSION_NUMBER */
+         return NULL;
+     }
++
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++        EC_KEY_free(session->next_crypto->ecdh_privkey);
++#else
++        EVP_PKEY_free(session->next_crypto->ecdh_privkey);
++#endif
++        session->next_crypto->ecdh_privkey = NULL;
++    }
++
+     session->next_crypto->ecdh_privkey = key;
+     return pubkey_string;
+ }
+@@ -219,6 +230,7 @@ int ssh_client_ecdh_init(ssh_session ses
+         return SSH_ERROR;
+     }
+ 
++    ssh_string_free(session->next_crypto->ecdh_client_pubkey);
+     session->next_crypto->ecdh_client_pubkey = client_pubkey;
+ 
+     /* register the packet callbacks */
+--- libssh-0.11.2.orig/src/ecdh_gcrypt.c
++++ libssh-0.11.2/src/ecdh_gcrypt.c
+@@ -101,8 +101,15 @@ int ssh_client_ecdh_init(ssh_session ses
+         goto out;
+     }
+ 
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++        gcry_sexp_release(session->next_crypto->ecdh_privkey);
++        session->next_crypto->ecdh_privkey = NULL;
++    }
+     session->next_crypto->ecdh_privkey = key;
+     key = NULL;
++
++    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
+     session->next_crypto->ecdh_client_pubkey = client_pubkey;
+     client_pubkey = NULL;
+ 
+--- libssh-0.11.2.orig/src/ecdh_mbedcrypto.c
++++ libssh-0.11.2/src/ecdh_mbedcrypto.c
+@@ -70,6 +70,12 @@ int ssh_client_ecdh_init(ssh_session ses
+         return SSH_ERROR;
+     }
+ 
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++        mbedtls_ecp_keypair_free(session->next_crypto->ecdh_privkey);
++        SAFE_FREE(session->next_crypto->ecdh_privkey);
++    }
++
+     session->next_crypto->ecdh_privkey = malloc(sizeof(mbedtls_ecp_keypair));
+     if (session->next_crypto->ecdh_privkey == NULL) {
+         return SSH_ERROR;
+@@ -110,6 +116,7 @@ int ssh_client_ecdh_init(ssh_session ses
+         goto out;
+     }
+ 
++    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
+     session->next_crypto->ecdh_client_pubkey = client_pubkey;
+     client_pubkey = NULL;
+ 
+--- libssh-0.11.2.orig/src/packet.c
++++ libssh-0.11.2/src/packet.c
+@@ -294,6 +294,7 @@ static enum ssh_packet_filter_result_e s
+          *   or session_state == SSH_SESSION_STATE_INITIAL_KEX
+          * - dh_handshake_state == DH_STATE_INIT
+          *   or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange)
++         *   or dh_handshake_state == DH_STATE_REQUEST_SENT (dh-gex)
+          *   or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
+          *
+          * Transitions:
+@@ -313,6 +314,7 @@ static enum ssh_packet_filter_result_e s
+ 
+         if ((session->dh_handshake_state != DH_STATE_INIT) &&
+             (session->dh_handshake_state != DH_STATE_INIT_SENT) &&
++            (session->dh_handshake_state != DH_STATE_REQUEST_SENT) &&
+             (session->dh_handshake_state != DH_STATE_FINISHED))
+         {
+             rc = SSH_PACKET_DENIED;
+--- libssh-0.11.2.orig/src/wrapper.c
++++ libssh-0.11.2/src/wrapper.c
+@@ -181,7 +181,10 @@ void crypto_free(struct ssh_crypto_struc
+ #endif /* OPENSSL_VERSION_NUMBER */
+ #elif defined HAVE_GCRYPT_ECC
+         gcry_sexp_release(crypto->ecdh_privkey);
+-#endif
++#elif defined HAVE_LIBMBEDCRYPTO
++        mbedtls_ecp_keypair_free(crypto->ecdh_privkey);
++        SAFE_FREE(crypto->ecdh_privkey);
++#endif /* HAVE_LIBGCRYPT */
+         crypto->ecdh_privkey = NULL;
+     }
+ #endif
diff -Nru libssh-0.11.2/debian/patches/series libssh-0.11.2/debian/patches/series
--- libssh-0.11.2/debian/patches/series	2025-06-28 07:42:47.000000000 +0200
+++ libssh-0.11.2/debian/patches/series	2025-11-04 00:32:14.000000000 +0100
@@ -1,3 +1,5 @@
 1003-custom-lib-names.patch
 2003-disable-expand_tilde_unix-test.patch
 2004-install-static-lib.patch
+CVE-2025-8277.patch
+CVE-2025-8114.patch

Reply to:

Follow-Ups:
- Processed: trixie-pu: package libssh/0.11.2-1+deb13u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1120325: libssh 0.11.2-1+deb13u1 flagged for acceptance
  - From: Adam D Barratt <adam@adam-barratt.org.uk>
- Bug#1120325: marked as done (trixie-pu: package libssh/0.11.2-1+deb13u1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: trixie-pu: package libssh/0.11.2-1+deb13u1
Next by Date: Bug#1120125: trixie-pu: cups/2.4.10-3+deb13u2
Previous by thread: Restaurant marketing insights from 2025 trends
Next by thread: Processed: trixie-pu: package libssh/0.11.2-1+deb13u1
Index(es):
- Date
- Thread