Release date:
2026-04-16 15:26:02 UTC
Description:
* SECURITY UPDATE: null pointer dereference and out-of-bounds read in
sftp_parse_longname when processing malformed SSH_FXP_NAME messages
- debian/patches/CVE-2026-0968.patch: add null check, input
validation, and end-of-string guards in sftp_parse_longname
- CVE-2026-0968
Updated packages:
-
libssh-4_0.9.3-2ubuntu2.5+tuxcare.els4_amd64.deb
sha:e1d7cfe98a5f34e94ee5ea6b1e6f3b45573a2cd7
-
libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els4_amd64.deb
sha:c273fe492238affc71c8a526c334d2d9209d6840
-
libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els4_all.deb
sha:e7c3f725d864573e0ec7f042d9ee3d07d7ee3247
-
libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els4_amd64.deb
sha:10db60f15689c3b66b5a3dd291e263d15971ad5f
-
libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els4_amd64.deb
sha:a379f5237665a9a21f23d9f6adefd3ea1456d006
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
