ALP-pool/libssh
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 libssh revision 984bfeba8c95feb47bb2867501ef34e5

Browse Source
This commit is contained in:
Adrian Schröter
2026-02-26 11:33:57 +01:00
parent 11e006dd3e
commit c3ddec026a
9 changed files with 894 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
libssh.changes
View File

@@ -1,3 +1,22 @@
-------------------------------------------------------------------
Wed Feb 11 11:28:10 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
- Security fixes:
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files (bsc#1258045)
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
* CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
* CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
* Add patches:
- libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
- libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
- libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
- libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
- libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
- libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
- libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch
-------------------------------------------------------------------
Fri Sep 19 10:37:27 UTC 2025 - Pedro Monreal <pmonreal@suse.com>