{"affected":[{"ecosystem_specific":{"binaries":[{"libssh-config":"0.10.6-4.1","libssh4":"0.10.6-4.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"libssh","purl":"pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.6-4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libssh fixes the following issues:\n\n- CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)\n- CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045)\n- CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)\n- CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)\n- CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)\n","id":"SUSE-SU-2026:20524-1","modified":"2026-02-26T11:08:16Z","published":"2026-02-26T11:08:16Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620524-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258045"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258049"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258054"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258080"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258081"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0964"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0965"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0966"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0967"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0968"}],"related":["CVE-2026-0964","CVE-2026-0965","CVE-2026-0966","CVE-2026-0967","CVE-2026-0968"],"summary":"Security update for libssh","upstream":["CVE-2026-0964","CVE-2026-0965","CVE-2026-0966","CVE-2026-0967","CVE-2026-0968"]}