Release date:
2026-03-20 11:52:11 UTC
Description:
* SECURITY UPDATE: out-of-bounds read in sftp extension name handler
- debian/patches/CVE-2026-3731.patch: fix off-by-one bounds check
in sftp_extensions_get_name and sftp_extensions_get_data
- CVE-2026-3731
Updated packages:
-
libssh-4_0.9.3-2ubuntu2.5+tuxcare.els3_amd64.deb
sha:814ce8ea0ed92934291aab0aabbe7190c485088b
-
libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els3_amd64.deb
sha:575f56c4d63dcca2ac8a3f96cd271bb05b26f13a
-
libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els3_all.deb
sha:75582f9d7d354b19b3f95daf220c644b740b4c30
-
libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els3_amd64.deb
sha:292f53d40dd113420a698941906df06c4a070962
-
libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els3_amd64.deb
sha:7ed8fa0c0812f94d8662c82255bbc4548e068521
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
