{ "schema_version": "1.7.0", "id": "MGASA-2026-0202", "published": "2026-06-12T23:28:19Z", "modified": "2026-06-12T22:36:20Z", "summary": "Updated libssh packages fix security vulnerabilities", "details": "CVE-2026-0964 Improper sanitation of paths received from SCP servers\nCVE-2026-0965 The libssh can attempt to read non-regular files when\nmisconfigured, which could cause resource exhaustion or blocking.\nCVE-2026-0966 Providing 0-length input for the ssh_get_hexa() causes\n1-byte buffer underflow on heap, possibly causing memory corruption.\nCVE-2026-0967 Pattern matching at various places in libssh could lead to\ncomplex backtracking causing timeouts.\nCVE-2026-0968 Possible read behind bounds of longname\n", "upstream": [ "CVE-2026-0964", "CVE-2026-0965", "CVE-2026-0966", "CVE-2026-0967", "CVE-2026-0968" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0202.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=35138" }, { "type": "WEB", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.387438" }, { "type": "ADVISORY", "url": "https://www.libssh.org/security/advisories/CVE-2026-0964.txt" }, { "type": "ADVISORY", "url": "https://www.libssh.org/security/advisories/CVE-2026-0965.txt" }, { "type": "ADVISORY", "url": "https://www.libssh.org/security/advisories/CVE-2026-0966.txt" }, { "type": "ADVISORY", "url": "https://www.libssh.org/security/advisories/CVE-2026-0967.txt" }, { "type": "ADVISORY", "url": "https://www.libssh.org/security/advisories/CVE-2026-0968.txt" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "libssh", "purl": "pkg:rpm/mageia/libssh?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.10.6-1.2.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }