[CLSA-2026:1784069914] Fix CVE(s): CVE-2026-58050
Type:
security
Severity:
Important
Release date:
2026-07-14 22:58:46 UTC
Description:
* SECURITY UPDATE: potential multiplication overflow in the publickey subsystem leading to a heap buffer overflow on 32-bit platforms - debian/patches/CVE-2026-58050.patch: cap the publickey attribute count at 1024, and zero-initialise the freshly (re)allocated list entry before parsing to avoid a free of uninitialised memory on the new bounds-check error path, in libssh2_publickey_list_fetch() in src/publickey.c - CVE-2026-58050
CVEs fixed:
Updated packages:
  • libssh2-1_1.5.0-2ubuntu0.1+tuxcare.els6_amd64.deb
    sha:4de5dde21e0e1ddcea7d29b9d1d6e87d5d92af16
  • libssh2-1-dev_1.5.0-2ubuntu0.1+tuxcare.els6_amd64.deb
    sha:c9ecbacc50ee4694b6bfbebbaa0d0c08751e0a25
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.