[CLSA-2025:1758705355] Fix CVE(s): CVE-2025-5318
Type:
security
Severity:
Important
Release date:
2025-09-24 09:15:59 UTC
Description:
* SECURITY UPDATE: out-of-bounds read in sftp_handle function
  - debian/patches/CVE-2025-5318.patch: fix possible buffer overrun issue in sftpserver.c by changing conditional from val > SFTP_HANDLES to val >= SFTP_HANDLES
  - CVE-2025-5318
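The off-by-one described above, as an added example that is a simplified model and not libssh's or the patch's own code. The table size of 256, the 4-byte handle blob, and the names session_model, accepted_before, accepted_after, lookup_handle and lookup_index are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SFTP_HANDLES 256 /* assumed table size for this model */

/* Simplified model of a per-session handle table; valid slots are 0..SFTP_HANDLES-1. */
struct session_model {
    void *handles[SFTP_HANDLES];
};

/* Pre-patch conditional from the advisory: rejects only val > SFTP_HANDLES,
 * so val == SFTP_HANDLES would index one slot past the end of the table. */
static int accepted_before(uint32_t val) { return !(val > SFTP_HANDLES); }

/* Patched conditional from the advisory: rejects val >= SFTP_HANDLES. */
static int accepted_after(uint32_t val) { return !(val >= SFTP_HANDLES); }

/* Lookup using the patched check. The handle is modelled as a 4-byte
 * client-supplied blob holding the table index (constructed format). */
static void *lookup_handle(struct session_model *s, const unsigned char *data, size_t len) {
    uint32_t val;
    if (len != sizeof(val)) return NULL;      /* malformed handle */
    memcpy(&val, data, sizeof(val));
    if (val >= SFTP_HANDLES) return NULL;     /* index outside the table */
    return s->handles[val];
}

/* Helper: encode an index as a handle blob and look it up. */
static void *lookup_index(struct session_model *s, uint32_t val) {
    unsigned char blob[sizeof(val)];
    memcpy(blob, &val, sizeof(val));
    return lookup_handle(s, blob, sizeof(blob));
}

int main(void) {
    static struct session_model s;            /* zero-initialised table */
    static int open_file;                     /* stands in for an open file object */
    uint32_t probes[] = { 0, SFTP_HANDLES - 1, SFTP_HANDLES, SFTP_HANDLES + 1 };
    s.handles[SFTP_HANDLES - 1] = &open_file;
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("val=%u before=%d after=%d lookup=%s\n", (unsigned)probes[i],
               accepted_before(probes[i]), accepted_after(probes[i]),
               lookup_index(&s, probes[i]) ? "object" : "NULL");
    return 0;
}
```

The two conditionals differ only at the boundary value val == SFTP_HANDLES, which is the case a regression test for this fix should probe.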
Updated packages:
  • libssh-4_0.6.3-4.3ubuntu0.6+tuxcare.els2_amd64.deb
    sha:09265fb960981a81e39cdaef03521f912426a3e7
  • libssh-dev_0.6.3-4.3ubuntu0.6+tuxcare.els2_amd64.deb
    sha:ded71b235fcf31ff311d07744d16e16ec80104ab
  • libssh-doc_0.6.3-4.3ubuntu0.6+tuxcare.els2_all.deb
    sha:29622ae57d3c14763382c2ec680f9e5d7459cd09
  • libssh-gcrypt-4_0.6.3-4.3ubuntu0.6+tuxcare.els2_amd64.deb
    sha:cbdd1a13e1d78ca22cc0297bb98ae9e57748c396
  • libssh-gcrypt-dev_0.6.3-4.3ubuntu0.6+tuxcare.els2_amd64.deb
    sha:3c12463fa386c70adc4f128b95c14149984b2cc2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.