Release date:
2026-07-14 22:56:36 UTC
Description:
* SECURITY UPDATE: potential multiplication overflow in the publickey
subsystem leading to a heap buffer overflow on 32-bit platforms
- debian/patches/CVE-2026-58050.patch: cap the publickey attribute
count at 1024, and zero-initialise the freshly (re)allocated list
entry before parsing to avoid a free of uninitialised memory on the
new bounds-check error path, in libssh2_publickey_list_fetch() in
src/publickey.c
- CVE-2026-58050
Updated packages:
-
libssh2-1_1.8.0-2.1+deb10u1+tuxcare.els2_amd64.deb
sha:eff983ded23a0d351f283d9db79cc9b4da60fda0
-
libssh2-1-dev_1.8.0-2.1+deb10u1+tuxcare.els2_amd64.deb
sha:fff1e55a6017172730f7091021911c463025e01b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.