Release date:
2026-04-30 09:54:02 UTC
Description:
* SECURITY UPDATE: scp setuid/setgid bit handling
- debian/patches/CVE-2026-35385.patch: when downloading files as root
in legacy (-O) mode and without the -p (preserve modes) flag, mask
out setuid/setgid bits in scp(1) sink().
- CVE-2026-35385
Updated packages:
-
openssh-client_7.2p2-4ubuntu2.10+tuxcare.els8_amd64.deb
sha:0559be92eda25a9ab27694f4204afbfec49cd0c1
-
openssh-client-ssh1_7.2p2-4ubuntu2.10+tuxcare.els8_amd64.deb
sha:5bce2c73f32a99ce0cb2011b0325056393fc243e
-
openssh-server_7.2p2-4ubuntu2.10+tuxcare.els8_amd64.deb
sha:3f167908ba00c1d70c7bc2d9cedede36bcbba473
-
openssh-sftp-server_7.2p2-4ubuntu2.10+tuxcare.els8_amd64.deb
sha:1435c2eacd771205210275cafd3f5fe8fa92723e
-
ssh_7.2p2-4ubuntu2.10+tuxcare.els8_all.deb
sha:9c1584e5b9c68801878dd740e7898e8334e6551c
-
ssh-askpass-gnome_7.2p2-4ubuntu2.10+tuxcare.els8_amd64.deb
sha:eef59b8a5fbf642bf6ebe5b8e2254ae5f361f84c
-
ssh-krb5_7.2p2-4ubuntu2.10+tuxcare.els8_all.deb
sha:6c1f538eec7c3f5fbecbb7842fdaed4d4c947809
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
