Release date:
2026-05-21 13:09:29 UTC
Description:
* SECURITY UPDATE: integer overflow in compressed-token decoder
- debian/patches/CVE-2026-43618.patch: cap rx_token at MAX_TOKEN_INDEX
and reject over-long simple_recv_token literal chunks to prevent
remote memory disclosure via crafted compressed stream
- CVE-2026-43618
Updated packages:
-
rsync_3.1.1-3ubuntu1.3+tuxcare.els8_amd64.deb
sha:db7d87a6c3e95d54a2cb9eb1c7d6fc01f8b85013
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
