ALSA-2026:18160

[ALSA-2026:18160] Moderate: libssh security update

Type:

security

Severity:

moderate

Release date:

2026-05-26

Description:

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.  

Security Fix(es):  

  * libssh: Buffer underflow in ssh_get_hexa() on invalid input (CVE-2026-0966)
  * libssh: Improper sanitation of paths received from SCP servers (CVE-2026-0964)
  * libssh: libssh: Denial of Service via improper configuration file handling (CVE-2026-0965)
  * libssh: libssh: Denial of Service via inefficient regular expression processing (CVE-2026-0967)
  * libssh: libssh: Denial of Service due to malformed SFTP message (CVE-2026-0968)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Additional Changes:  

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libssh-0.12.0-2.el10.aarch64.rpm	047c4f1539fbef35fcdef2cacd407e9afcc8a439ac36b5d1b2a7587b606e3f2d
aarch64	libssh-devel-0.12.0-2.el10.aarch64.rpm	bee69410179120b2d2baf974a4433d2c54693a639d7f4cad2f251e02b4b62910
noarch	libssh-config-0.12.0-2.el10.noarch.rpm	c135864c89e79627744281f8c685d0a001a881683e217ae1e018d595ac7a2ed6
ppc64le	libssh-0.12.0-2.el10.ppc64le.rpm	661adf9e7d7695e8cb9558ebd5e6a57fcfad450c20a2a1683fb7b82b1e6cc9ca
ppc64le	libssh-devel-0.12.0-2.el10.ppc64le.rpm	e48f9e05094958b88cdf60c71ad84947d8c308889a3fead29b92b16b0ecd3849
s390x	libssh-devel-0.12.0-2.el10.s390x.rpm	721bab56a2867eafceaac56e88458c10956e701f9f57faec2d96c3505dd165be
s390x	libssh-0.12.0-2.el10.s390x.rpm	f1b5f6920f448f284b0c0b46d524f2099b32013fbf15530e88b3c2ee7a21503d
x86_64	libssh-0.12.0-2.el10.x86_64.rpm	8caf119f46bf8271ac0ee6a9e62988ed399c7fe0978a044ef7218681acf8ec37
x86_64	libssh-devel-0.12.0-2.el10.x86_64.rpm	c607b128073e57795ba7a576a747bb792f7ae6e9287cca7bc4488efeec45da7b
x86_64_v2	libssh-devel-0.12.0-2.el10.x86_64_v2.rpm	9a924029044043e06690f1cd3c2851532acdab730fc6bd2e98a91c0687a774be
x86_64_v2	libssh-0.12.0-2.el10.x86_64_v2.rpm	c96367464b677f983781b11df03e041beb29e2931362281b97643e8c668b972d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.