{"affected":[{"ecosystem_specific":{"binaries":[{"libssh-config":"0.10.6-slfo.1.1_4.1","libssh4":"0.10.6-slfo.1.1_4.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"libssh","purl":"pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.6-slfo.1.1_4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libssh fixes the following issues:\n\n- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).\n- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).\n- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).\n- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).\n- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).\n","id":"SUSE-SU-2026:20531-1","modified":"2026-02-26T11:27:41Z","published":"2026-02-26T11:27:41Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620531-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258045"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258049"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258054"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258080"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258081"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0964"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0965"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0966"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0967"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-0968"}],"related":["CVE-2026-0964","CVE-2026-0965","CVE-2026-0966","CVE-2026-0967","CVE-2026-0968"],"summary":"Security update for libssh","upstream":["CVE-2026-0964","CVE-2026-0965","CVE-2026-0966","CVE-2026-0967","CVE-2026-0968"]}