Severity:
('Low', ['ELSCVE-89211'])
Release date:
2026-04-16 18:09:34 UTC
Description:
* SECURITY UPDATE: heap read past bounds in sftp_parse_longname from
malicious SFTP longname field
- debian/patches/CVE-2026-0968.patch: validate longname pointer and
longname_field; bound string walks at NUL; fail if field not found
- CVE-2026-0968
Updated packages:
-
libssh-4_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els4_amd64.deb
sha:04f54d4acb858e9add55438fa2fee2bfd898f821
-
libssh-dev_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els4_amd64.deb
sha:57c755e325fe4bf60d84ce59d7fd91c7a0d43cca
-
libssh-doc_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els4_all.deb
sha:baf078d58e2de7eb990218999ff75d9ff3486217
-
libssh-gcrypt-4_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els4_amd64.deb
sha:0dbbe6bcfc4d0a26e29cb94ef1e3c4fe18a71dbe
-
libssh-gcrypt-dev_0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els4_amd64.deb
sha:01b98756172767e941d4da968a6f7b3bdaa6bbb0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
