Issued at: 2026-01-17
Updated at: 2026-01-21
Synopsis
Moderate: vsftpd security update
Description
The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network.
Security Fix(es):
* vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing (CVE-2025-14242)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 9 aarch64
Rocky Linux 9 ppc64le
Rocky Linux 9 s390x
Rocky Linux 9 x86_64
Fixes
2419826
CVEs
CVE-2025-14242
Affected packages
Rocky Linux 9 aarch64 - AppStream
vsftpd-0:3.0.5-6.el9_7.2.aarch64.rpm
vsftpd-0:3.0.5-6.el9_7.2.src.rpm
vsftpd-debuginfo-0:3.0.5-6.el9_7.2.aarch64.rpm
vsftpd-debugsource-0:3.0.5-6.el9_7.2.aarch64.rpm
Rocky Linux 9 ppc64le - AppStream
vsftpd-0:3.0.5-6.el9_7.2.ppc64le.rpm
vsftpd-0:3.0.5-6.el9_7.2.src.rpm
vsftpd-debuginfo-0:3.0.5-6.el9_7.2.ppc64le.rpm
vsftpd-debugsource-0:3.0.5-6.el9_7.2.ppc64le.rpm
Rocky Linux 9 s390x - AppStream
vsftpd-0:3.0.5-6.el9_7.2.s390x.rpm
vsftpd-0:3.0.5-6.el9_7.2.src.rpm
vsftpd-debuginfo-0:3.0.5-6.el9_7.2.s390x.rpm
vsftpd-debugsource-0:3.0.5-6.el9_7.2.s390x.rpm
Rocky Linux 9 x86_64 - AppStream
vsftpd-0:3.0.5-6.el9_7.2.src.rpm
vsftpd-0:3.0.5-6.el9_7.2.x86_64.rpm
vsftpd-debuginfo-0:3.0.5-6.el9_7.2.x86_64.rpm
vsftpd-debugsource-0:3.0.5-6.el9_7.2.x86_64.rpm