Alerts This Week
Warning Icon 1 815
Alerts This Week
Warning Icon 1 815

SUSE Apache-SSH-D Important Path Traversal Signature Issue 2026-2472-1

suse
Calendar Grey June 19, 2026
Dist Suse Esm H88
Update for apache-sshd addresses critical issues with path traversal and signature malleability vulnerabilities.
An update that solves two vulnerabilities can now be installed.

Summary

## This update for apache-sshd, jpgpj fixes the following issues * CVE-2020-36843: no check performed on scalar to avoid signature malleability (bsc#1239551). * CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd: sshd- git (bsc#1267018). Changes for jpgpj: * Initial packaging with v1.3 Changes for apache-sshd: * Update to upstream version 2.18.0 * Bug Fixes * GH-743 Ensure the Java ServiceLoader use a singleton SftpFileSystemProvider * GH-879 Close SSH channel gracefully on exception in port forwarding * Security: Improve handling of repository paths in sshd-git. Resolves CVE-2026-48827, bsc#1267018 * New Features * GH-892 Align handling certificates without principals with OpenSSH 10.3 * Update to upstream version 2.17.1 * Changes * GH-875 Use Apache Parent POM 36

Topics%20covered

Topics Covered

security advisory security update SuSE important path traversal signature malleability

References

* bsc#1239551

* bsc#1267018

Cross-

* CVE-2020-36843

* CVE-2026-48827

CVSS scores:

* CVE-2020-36843 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2020-36843 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2020-36843 ( NVD ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

* CVE-2026-48827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2026-48827 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

* CVE-2026-48827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Development Tools Module 15-SP7

* SUSE Linux Enterprise Desktop 15 SP7

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP5

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2472-1
Release Date: 2026-06-19T13:41:45Z
Rating: important

Topics%20covered

Topics Covered

security advisory security update SuSE important path traversal signature malleability

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here