Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 564
Alerts This Week
Warning Icon 1 564

openSUSE Leap 16.0 libssh Moderate Denial of Service Vuln 2026-20647-1

opensuse
Calendar Grey April 30, 2026
Scroller Opensuse
Moderate security update for openSUSE libssh addressing several vulnerabilities and essential bug fixes.
An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.

Description

This update for libssh fixes the following issues:

- Update to version 0.11.4:

- CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)

- CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045)

- CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)

- CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)

- CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)

- CVE-2025-8114: Fix NULL pointer dereference after allocation failure (bsc#1246974)

- CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX (bsc#1249375)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-655=1

Patch

Package List

- openSUSE Leap 16.0:

libssh-config-0.11.4-160000.1.1

libssh-devel-0.11.4-160000.1.1

libssh4-0.11.4-160000.1.1

References

* bsc#1246974

* bsc#1249375

* bsc#1258045

* bsc#1258049

* bsc#1258054

* bsc#1258080

* bsc#1258081

References:

* https://www.suse.com/security/cve/CVE-2025-8114.html

* https://www.suse.com/security/cve/CVE-2025-8277.html

* https://www.suse.com/security/cve/CVE-2026-0964.html

* https://www.suse.com/security/cve/CVE-2026-0965.html

* https://www.suse.com/security/cve/CVE-2026-0966.html

* https://www.suse.com/security/cve/CVE-2026-0967.html

* https://www.suse.com/security/cve/CVE-2026-0968.html

Announcement ID: openSUSE-SU-2026:20647-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.