[ALSA-2026:0606] Moderate: vsftpd security update
Type:
security
Severity:
moderate
Release date:
2026-01-16
Description:
The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network. Security Fix(es): * vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing (CVE-2025-14242) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 vsftpd-3.0.5-10.el10_1.1.aarch64.rpm 7812fb889c320feadd3990a27ad75a6a002ffab23dc9d2fc1f7be8c06e1e3f01
ppc64le vsftpd-3.0.5-10.el10_1.1.ppc64le.rpm 44c3e03090f7c03734d8018c036e734bc89052c1fc99aa9293748a4422c12bab
s390x vsftpd-3.0.5-10.el10_1.1.s390x.rpm 109829d0776c64c212e88e26d0e12dd45bcee05b2d84a9d44fe3b10fead6ab74
x86_64 vsftpd-3.0.5-10.el10_1.1.x86_64.rpm a60d76f0cd0ff4663e9648edf56efb4d36db57d2c17cf8391a9ddfea4b19ca65
x86_64_v2 vsftpd-3.0.5-10.el10_1.1.x86_64_v2.rpm 2077a6c31affedd99513cda8809bdfaa6e8eee8d4bee775677c47eb8e83c3c1d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.