Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

SUSE Linux 12 SP5 libssh Moderate Denial of Service Fix 2026-1344-1

suse
Calendar Grey April 15, 2026
Scroller Suse
Update for libssh resolves six vulnerabilities affecting SUSE systems, crucial for maintaining security and integrity.
An update that solves six vulnerabilities can now be installed.

Summary

## This update for libssh fixes the following issues: * CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377). * CVE-2026-0964: SCP protocol path traversal in `ssh_scp_pull_request()` (bsc#1258049). * CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). * CVE-2026-0966: buffer underflow in `ssh_get_hexa()` on invalid input (bsc#1258054). * CVE-2026-0967: specially crafted patterns could cause a denial of service (bsc#1258081). * CVE-2026-0968: out-of-bounds read in `sftp_parse_longname()` (bsc#1258080). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1258045

* bsc#1258049

* bsc#1258054

* bsc#1258080

* bsc#1258081

* bsc#1259377

Cross-

* CVE-2026-0964

* CVE-2026-0965

* CVE-2026-0966

* CVE-2026-0967

* CVE-2026-0968

* CVE-2026-3731

CVSS scores:

* CVE-2026-0964 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2026-0964 ( NVD ): 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2026-0965 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-0965 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-0966 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

* CVE-2026-0966 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

* CVE-2026-0967 ( SUSE ): 1.0

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Announcement ID: SUSE-SU-2026:1344-1
Release Date: 2026-04-15T10:21:31Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.