[CLSA-2026:1773929316] Fix CVE(s): CVE-2026-3731

Type:

security

Severity:

Important

Release date:

2026-03-19 14:08:41 UTC

Description:

   * SECURITY UPDATE: remote out-of-bounds read in SFTP extension name handler
     - debian/patches/CVE-2026-3731.patch: Fix out-of-bound read from sftp
       extensions; correct index comparison from '>' to '>=' and prevent access
       past extension count.
     - CVE-2026-3731

Updated packages:

libssh-4_0.6.3-4.3ubuntu0.6+tuxcare.els3_amd64.deb
sha:0aad5a6c2d569acd27931d47234372dfa532e592
libssh-dev_0.6.3-4.3ubuntu0.6+tuxcare.els3_amd64.deb
sha:f677d93406c7be7e6d851b5f0716d919b4c9eee1
libssh-doc_0.6.3-4.3ubuntu0.6+tuxcare.els3_all.deb
sha:bc54b93e4d5c4882494935d2287b69cf8d1f84f5
libssh-gcrypt-4_0.6.3-4.3ubuntu0.6+tuxcare.els3_amd64.deb
sha:68601083498043294952d485e0aa4016070ea4db
libssh-gcrypt-dev_0.6.3-4.3ubuntu0.6+tuxcare.els3_amd64.deb
sha:b4196b16f6aa3954add5e31cc19a9592173b602d

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.