ALSA-2026:0605

[ALSA-2026:0605] Moderate: vsftpd security update

Type:

security

Severity:

moderate

Release date:

2026-01-16

Description:

The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network.  

Security Fix(es):  

  * vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing (CVE-2025-14242)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	vsftpd-3.0.5-6.el9_7.2.aarch64.rpm	7f9c3c140ade473b6c3035d64fa1c7906a520ca072a94037b84e18b276f85e97
ppc64le	vsftpd-3.0.5-6.el9_7.2.ppc64le.rpm	99123e570928482703934bdaeac17a5dc8f10b57a96335ef7b51982491842257
s390x	vsftpd-3.0.5-6.el9_7.2.s390x.rpm	6de167b6f495ad6e44c257116680c3a18c6f598ca63d8899e4007f6ebea1a1a8
x86_64	vsftpd-3.0.5-6.el9_7.2.x86_64.rpm	8efb64aea738a93e7e63a76232ddcce621ea63c4e865f48862b77d5a58f2de8b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.