Security update for libssh SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0567-1 Final 1 1 2026-02-17T12:26:12Z current 2026-02-17T12:26:12Z 2026-02-17T12:26:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). - CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2026-567,SUSE-2026-567,SUSE-SUSE-MicroOS-5.2-2026-567 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260567-1/ Link for SUSE-SU-2026:0567-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024334.html E-Mail link for SUSE-SU-2026:0567-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1258045 SUSE Bug 1258045 https://bugzilla.suse.com/1258049 SUSE Bug 1258049 https://bugzilla.suse.com/1258054 SUSE Bug 1258054 https://bugzilla.suse.com/1258080 SUSE Bug 1258080 https://bugzilla.suse.com/1258081 SUSE Bug 1258081 https://www.suse.com/security/cve/CVE-2026-0964/ SUSE CVE CVE-2026-0964 page https://www.suse.com/security/cve/CVE-2026-0965/ SUSE CVE CVE-2026-0965 page https://www.suse.com/security/cve/CVE-2026-0966/ SUSE CVE CVE-2026-0966 page https://www.suse.com/security/cve/CVE-2026-0967/ SUSE CVE CVE-2026-0967 page https://www.suse.com/security/cve/CVE-2026-0968/ SUSE CVE CVE-2026-0968 page Container suse/sle-micro-rancher/5.2:latest SUSE Linux Enterprise Micro 5.2 libssh-config-0.9.8-150200.13.15.1 libssh4-0.9.8-150200.13.15.1 libssh-devel-0.9.8-150200.13.15.1 libssh4-32bit-0.9.8-150200.13.15.1 libssh4-64bit-0.9.8-150200.13.15.1 libssh-config-0.9.8-150200.13.15.1 as a component of Container suse/sle-micro-rancher/5.2:latest libssh4-0.9.8-150200.13.15.1 as a component of Container suse/sle-micro-rancher/5.2:latest libssh-config-0.9.8-150200.13.15.1 as a component of SUSE Linux Enterprise Micro 5.2 libssh4-0.9.8-150200.13.15.1 as a component of SUSE Linux Enterprise Micro 5.2 unknown CVE-2026-0964 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.15.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260567-1/ https://www.suse.com/security/cve/CVE-2026-0964.html CVE-2026-0964 https://bugzilla.suse.com/1258049 SUSE Bug 1258049 unknown CVE-2026-0965 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.15.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260567-1/ https://www.suse.com/security/cve/CVE-2026-0965.html CVE-2026-0965 https://bugzilla.suse.com/1258045 SUSE Bug 1258045 unknown CVE-2026-0966 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.15.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260567-1/ https://www.suse.com/security/cve/CVE-2026-0966.html CVE-2026-0966 https://bugzilla.suse.com/1258054 SUSE Bug 1258054 unknown CVE-2026-0967 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.15.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260567-1/ https://www.suse.com/security/cve/CVE-2026-0967.html CVE-2026-0967 https://bugzilla.suse.com/1258081 SUSE Bug 1258081 unknown CVE-2026-0968 Container suse/sle-micro-rancher/5.2:latest:libssh-config-0.9.8-150200.13.15.1 Container suse/sle-micro-rancher/5.2:latest:libssh4-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.15.1 SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260567-1/ https://www.suse.com/security/cve/CVE-2026-0968.html CVE-2026-0968 https://bugzilla.suse.com/1258080 SUSE Bug 1258080