[Apollo] Advisories Statistics light light Login

RLSA-2026:0608

Security Mirrored from RHSA-2026:0608
Issued at: 2026-01-15
Updated at: 2026-01-21

Synopsis

Moderate: vsftpd security update



Description

The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network.

Security Fix(es):

* vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing (CVE-2025-14242)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2419826

CVEs

CVE-2025-14242

Affected packages

Rocky Linux 8 aarch64 - AppStream

vsftpd-0:3.0.3-36.el8_10.3.aarch64.rpm vsftpd-0:3.0.3-36.el8_10.3.src.rpm vsftpd-debuginfo-0:3.0.3-36.el8_10.3.aarch64.rpm vsftpd-debugsource-0:3.0.3-36.el8_10.3.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

vsftpd-0:3.0.3-36.el8_10.3.src.rpm vsftpd-0:3.0.3-36.el8_10.3.x86_64.rpm vsftpd-debuginfo-0:3.0.3-36.el8_10.3.x86_64.rpm vsftpd-debugsource-0:3.0.3-36.el8_10.3.x86_64.rpm