Release date:
2026-03-19 18:19:44 UTC
Description:
* SECURITY UPDATE: out-of-bounds read from manipulated SFTP extension index
- debian/patches/CVE-2026-3731.patch: Fix out-of-bound read in sftp
extensions by replacing '>' with '>=' in index checks; cause: off-by-one
error in index comparison allowing idx equal count.
- CVE-2026-3731
Updated packages:
-
libssh-4_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els3_amd64.deb
sha:e0ac5c633ae8f18c8a2a59df4cccf76d3331985f
-
libssh-dev_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els3_amd64.deb
sha:a3cd1288f6eec2b3c2e248f547f53313ab07bf70
-
libssh-doc_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els3_all.deb
sha:3d49c6e9a79c0e23fc03feff8954525c73f1e6ba
-
libssh-gcrypt-4_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els3_amd64.deb
sha:3740f465bf66f6c7a2cd4db997d0df884ba48a9f
-
libssh-gcrypt-dev_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els3_amd64.deb
sha:42bcd625f6c1a54546d80016055d13465a4aef93
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
