SUSE-SU-2026:0567-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20260567-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0567-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:0567-1
- Upstream
- Related
- Published
- 2026-02-17T12:26:12Z
- Modified
- 2026-03-11T07:31:37.717444Z
- Summary
- Security update for libssh
- Details
-
This update for libssh fixes the following issues:
- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in sshgethexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
- References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-20260567-1/
- https://bugzilla.suse.com/1258045
- https://bugzilla.suse.com/1258049
- https://bugzilla.suse.com/1258054
- https://bugzilla.suse.com/1258080
- https://bugzilla.suse.com/1258081
- https://www.suse.com/security/cve/CVE-2026-0964
- https://www.suse.com/security/cve/CVE-2026-0965
- https://www.suse.com/security/cve/CVE-2026-0966
- https://www.suse.com/security/cve/CVE-2026-0967
- https://www.suse.com/security/cve/CVE-2026-0968
Affected packages
SUSE:Linux Enterprise Micro 5.2 / libssh
Package
- Name
- libssh
- Purl
- pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.8-150200.13.15.1