This update for libssh fixes the following issues:
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
- CVE-2026-0964: SCP protocol path traversal in
ssh_scp_pull_request() (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in
ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause a denial of service (bsc#1258081).
- CVE-2026-0968: out-of-bounds read in
sftp_parse_longname() (bsc#1258080).