File _patchinfo of Package patchinfo.42763

<patchinfo incident="42763">
  <issue tracker="cve" id="2026-0964"/>
  <issue tracker="cve" id="2026-0968"/>
  <issue tracker="cve" id="2026-0966"/>
  <issue tracker="cve" id="2026-0965"/>
  <issue tracker="cve" id="2026-0967"/>
  <issue tracker="bnc" id="1258080">VUL-0: CVE-2026-0968: libssh: Denial of Service due to malformed SFTP message</issue>
  <issue tracker="bnc" id="1258045">VUL-0: CVE-2026-0965: libssh: Denial of Service via improper configuration file handling</issue>
  <issue tracker="bnc" id="1258054">VUL-0: CVE-2026-0966: libssh: Buffer underflow in ssh_get_hexa() on invalid input</issue>
  <issue tracker="bnc" id="1258049">VUL-0: CVE-2026-0964: libssh: Improper sanitation of paths received from SCP servers</issue>
  <issue tracker="bnc" id="1258081">VUL-0: CVE-2026-0967: libssh: Denial of Service via inefficient regular expression processing</issue>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libssh</summary>
  <description>This update for libssh fixes the following issues:

- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
</description>
</patchinfo>