Release date:
2026-05-21 13:15:57 UTC
Description:
* SECURITY UPDATE: integer overflow in compressed-token decoder
- debian/patches/CVE-2026-43618.patch: cap rx_token at MAX_TOKEN_INDEX
and reject over-long simple_recv_token literal chunks to prevent
remote memory disclosure via crafted compressed stream
- CVE-2026-43618
Updated packages:
-
rsync_3.1.2-2.1ubuntu1.6+tuxcare.els6_amd64.deb
sha:45615dfd84b2fb35e86611a7cb14e5fa88922d21
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
