Severity:
('Low', ['ELSCVE-89203'])
Release date:
2026-04-16 17:49:13 UTC
Description:
* SECURITY UPDATE: heap read past bounds in sftp_parse_longname from
malicious SFTP longname field
- debian/patches/CVE-2026-0968.patch: validate longname pointer and
longname_field; bound string walks at NUL; fail if field not found
- CVE-2026-0968
Updated packages:
-
libssh-4_0.6.3-4.3ubuntu0.6+tuxcare.els4_amd64.deb
sha:b97b1c8074ba4b88c97341c5c68dfc46f56e4e25
-
libssh-dev_0.6.3-4.3ubuntu0.6+tuxcare.els4_amd64.deb
sha:d4cd257aff563e5c4c1a56e6a1bd822369eff7ca
-
libssh-doc_0.6.3-4.3ubuntu0.6+tuxcare.els4_all.deb
sha:2be9e4850c59dcb2a1a58d79b83ae2d1a47f85df
-
libssh-gcrypt-4_0.6.3-4.3ubuntu0.6+tuxcare.els4_amd64.deb
sha:4c1637f99d6780380ff778465aad0ec63730e91c
-
libssh-gcrypt-dev_0.6.3-4.3ubuntu0.6+tuxcare.els4_amd64.deb
sha:b5ffc5962b30f1e9c0d53a81fe80f7e617ed30bf
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
