ALSA-2026:0608

[ALSA-2026:0608] Moderate: vsftpd security update

Type:

security

Severity:

moderate

Release date:

2026-01-16

Description:

The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network.  

Security Fix(es):  

  * vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing (CVE-2025-14242)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	vsftpd-3.0.3-36.el8_10.3.aarch64.rpm	cddcfc122decb63a5289241dc52175a9f5507e6df4bc961a2f51fcfd4c2eac81
ppc64le	vsftpd-3.0.3-36.el8_10.3.ppc64le.rpm	1cb95e9b7e9b2f3ea4bd3d427340bf00c7c5b81cb15379b6f02d3fe9b20a4b90
s390x	vsftpd-3.0.3-36.el8_10.3.s390x.rpm	4a698fbb82e4a42f7ad7ba9b2fdb07886f32ba4556e5a2e202ee2ddb09d231e3
x86_64	vsftpd-3.0.3-36.el8_10.3.x86_64.rpm	b8657089bd1d0f1ce401de2d5eae909d47fe11754b73ed71601d4efea3fb11a4

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.