An update for libssh is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1560 Final 1.0 1.0 2026-03-15 Initial 2026-03-15 2026-03-15 openEuler SA Tool V1.0 2026-03-15 libssh security update An update for libssh is now available for openEuler-24.03-LTS-SP3 The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl). Security Fix(es): (CVE-2026-0964) (CVE-2026-0965) (CVE-2026-0966) (CVE-2026-0967) (CVE-2026-0968) A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.(CVE-2026-3731) An update for libssh is now available for openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical libssh https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1560 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0964 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0965 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0966 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0967 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0968 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-3731 https://nvd.nist.gov/vuln/detail/CVE-2026-0964 https://nvd.nist.gov/vuln/detail/CVE-2026-0965 https://nvd.nist.gov/vuln/detail/CVE-2026-0966 https://nvd.nist.gov/vuln/detail/CVE-2026-0967 https://nvd.nist.gov/vuln/detail/CVE-2026-0968 https://nvd.nist.gov/vuln/detail/CVE-2026-3731 openEuler-24.03-LTS-SP3 libssh-0.10.5-10.oe2403sp3.aarch64.rpm libssh-debuginfo-0.10.5-10.oe2403sp3.aarch64.rpm libssh-debugsource-0.10.5-10.oe2403sp3.aarch64.rpm libssh-devel-0.10.5-10.oe2403sp3.aarch64.rpm libssh-0.10.5-10.oe2403sp3.src.rpm libssh-0.10.5-10.oe2403sp3.x86_64.rpm libssh-debuginfo-0.10.5-10.oe2403sp3.x86_64.rpm libssh-debugsource-0.10.5-10.oe2403sp3.x86_64.rpm libssh-devel-0.10.5-10.oe2403sp3.x86_64.rpm libssh-help-0.10.5-10.oe2403sp3.noarch.rpm 2026-03-15 CVE-2026-0964 openEuler-24.03-LTS-SP3 Medium 5.0 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L libssh security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1560 2026-03-15 CVE-2026-0965 openEuler-24.03-LTS-SP3 Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L libssh security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1560 2026-03-15 CVE-2026-0966 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L libssh security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1560 2026-03-15 CVE-2026-0967 openEuler-24.03-LTS-SP3 Low 2.2 AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L libssh security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1560 2026-03-15 CVE-2026-0968 openEuler-24.03-LTS-SP3 Low 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L libssh security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1560 A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component. 2026-03-15 CVE-2026-3731 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H libssh security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1560