Updated libssh packages fix security vulnerabilities
Publication date: 12 Jun 2026Modification date: 12 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-0964 , CVE-2026-0965 , CVE-2026-0966 , CVE-2026-0967 , CVE-2026-0968
Description
CVE-2026-0964 Improper sanitation of paths received from SCP servers
CVE-2026-0965 The libssh can attempt to read non-regular files when
misconfigured, which could cause resource exhaustion or blocking.
CVE-2026-0966 Providing 0-length input for the ssh_get_hexa() causes
1-byte buffer underflow on heap, possibly causing memory corruption.
CVE-2026-0967 Pattern matching at various places in libssh could lead to
complex backtracking causing timeouts.
CVE-2026-0968 Possible read behind bounds of longname
References
- https://bugs.mageia.org/show_bug.cgi?id=35138
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.387438
- https://www.libssh.org/security/advisories/CVE-2026-0964.txt
- https://www.libssh.org/security/advisories/CVE-2026-0965.txt
- https://www.libssh.org/security/advisories/CVE-2026-0966.txt
- https://www.libssh.org/security/advisories/CVE-2026-0967.txt
- https://www.libssh.org/security/advisories/CVE-2026-0968.txt
- https://www.cve.org/CVERecord?id=CVE-2026-0964
- https://www.cve.org/CVERecord?id=CVE-2026-0965
- https://www.cve.org/CVERecord?id=CVE-2026-0966
- https://www.cve.org/CVERecord?id=CVE-2026-0967
- https://www.cve.org/CVERecord?id=CVE-2026-0968
SRPMS
9/core
- libssh-0.10.6-1.2.mga9