SUSE-SU-2026:0779-1

CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
CVE-2026-0966: buffer underflow in sshgethexa() on invalid input (bsc#1258054).
CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP7 / libssh

Package

Name: libssh
Purl: pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.8-150600.11.9.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh-devel": "0.9.8-150600.11.9.1",
            "libssh4-32bit": "0.9.8-150600.11.9.1",
            "libssh4": "0.9.8-150600.11.9.1",
            "libssh-config": "0.9.8-150600.11.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0779-1.json"

openSUSE:Leap 15.6 / libssh

Package

Name: libssh
Purl: pkg:rpm/opensuse/libssh&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.8-150600.11.9.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh-devel": "0.9.8-150600.11.9.1",
            "libssh4-32bit": "0.9.8-150600.11.9.1",
            "libssh4": "0.9.8-150600.11.9.1",
            "libssh-config": "0.9.8-150600.11.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0779-1.json"