ALSA-2026:18160

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

• libssh: Buffer underflow in sshgethexa() on invalid input (CVE-2026-0966)
• libssh: Improper sanitation of paths received from SCP servers (CVE-2026-0964)
• libssh: libssh: Denial of Service via improper configuration file handling (CVE-2026-0965)
• libssh: libssh: Denial of Service via inefficient regular expression processing (CVE-2026-0967)
• libssh: libssh: Denial of Service due to malformed SFTP message (CVE-2026-0968)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.