Mageia 9 libssh Security Flaw in SCP Causes Resource Exhaustion Issues
mageia
June 12, 2026
Security update
Summary
Description:
CVE-2026-0964 Improper sanitation of paths received from SCP servers
CVE-2026-0965 The libssh can attempt to read non-regular files when
misconfigured, which could cause resource exhaustion or blocking.
CVE-2026-0966 Providing 0-length input for the ssh_get_hexa() causes
1-byte buffer underflow on heap, possibly causing memory corruption.
CVE-2026-0967 Pattern matching at various places in libssh could lead to
complex backtracking causing timeouts.
CVE-2026-0968 Possible read behind bounds of longname
References
- https://bugs.mageia.org/show_bug.cgi?id=35138
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.387438
- https://www.libssh.org/security/advisories/CVE-2026-0964.txt
- https://www.libssh.org/security/advisories/CVE-2026-0965.txt
- https://www.libssh.org/security/advisories/CVE-2026-0966.txt
- https://www.libssh.org/security/advisories/CVE-2026-0967.txt
- https://www.libssh.org/security/advisories/CVE-2026-0968.txt
- https://www.cve.org/CVERecord?id=CVE-2026-0964
- https://www.cve.org/CVERecord?id=CVE-2026-0965
- https://www.cve.org/CVERecord?id=CVE-2026-0966
- https://www.cve.org/CVERecord?id=CVE-2026-0967
- https://www.cve.org/CVERecord?id=CVE-2026-0968
Topics Covered
Resolution
SRPMS
- 9/core/libssh-0.10.6-1.2.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date:12 Jun 2026
URL: https://advisories.mageia.org/MGASA-2026-0202.html
Type: security
CVE: CVE-2026-0964,
CVE-2026-0965,
CVE-2026-0966,
CVE-2026-0967,
CVE-2026-0968
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!