[CLSA-2026:1777296725] Fix CVE(s): CVE-2026-35414
Type:
security
Severity:
Important
Release date:
2026-04-27 13:32:11 UTC
Description:
* SECURITY UPDATE: mishandling of authorized_keys principals option
  - debian/patches/CVE-2026-35414.patch: replace match_list() with
    xstrdup + strsep + exact strcmp in match_principals_option() in
    auth2-pubkey.c, so certificate principals containing embedded commas
    are no longer wrongly cross-matched.
  - CVE-2026-35414
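Added illustration, not the patch or OpenSSH's own code: the exact-match rule the description names, where only the principals option list is split on commas and each certificate principal is compared whole. The function name, the sample values, the strchr-based split (standing in for xstrdup and strsep, for portability) and the skipping of empty list entries are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample values, not taken from the advisory. */
static const char *const cert_plain[] = { "bob" };
static const char *const cert_comma[] = { "mallory,bob" };

/*
 * Hypothetical helper: return 1 if a certificate principal is exactly equal
 * to one entry of the comma-separated principals option list, else 0.
 * Only the option list is split; a certificate principal is never split,
 * so a comma inside it cannot produce a match. Fails closed on error.
 */
int principal_allowed(const char *const *cert, size_t n, const char *list)
{
	size_t len = strlen(list) + 1;
	char *copy = malloc(len), *entry, *next;
	int found = 0;

	if (copy == NULL)
		return 0;
	memcpy(copy, list, len);
	for (entry = copy; entry != NULL && !found; entry = next) {
		/* Cut one entry out of the copy (stand-in for strsep). */
		next = strchr(entry, ',');
		if (next != NULL)
			*next++ = '\0';
		if (*entry == '\0')
			continue;	/* this example ignores empty entries */
		for (size_t i = 0; i < n && !found; i++)
			found = strcmp(cert[i], entry) == 0;
	}
	free(copy);
	return found;
}

int main(void)
{
	printf("bob         -> %d\n", principal_allowed(cert_plain, 1, "alice,bob"));
	printf("mallory,bob -> %d\n", principal_allowed(cert_comma, 1, "alice,bob"));
	return 0;
}
```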
Updated packages:
  • openssh-client_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
    sha:9dd4c5be24232e421779af8b08a67b3211b4e001
  • openssh-server_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
    sha:144d7de05a1c0fea3bdf56b141dba32be368bcee
  • openssh-sftp-server_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
    sha:2e4174e0af781f35b73ab66022b1ff1aff64a6ce
  • openssh-tests_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
    sha:c2fb051b0731b15ab83a24031cd0fb021a4cc75c
  • ssh_8.2p1-4ubuntu0.13+tuxcare.els2_all.deb
    sha:144cc3e13fcba0867f7a80184f1ee428ace4520d
  • ssh-askpass-gnome_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
    sha:6a316c5541451338b205c7b6e0ab9ac766f08540
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.