[CLSA-2026:1777567687] Fix CVE(s): CVE-2026-35385
Type:
security
Severity:
Important
Release date:
2026-04-30 16:48:12 UTC
Description:
* SECURITY UPDATE: scp setuid/setgid bit handling
  - debian/patches/CVE-2026-35385.patch: when downloading files as root in legacy (-O) mode and without the -p (preserve modes) flag, mask out setuid/setgid bits in scp(1) sink().
  - CVE-2026-35385
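The mode handling described above, as an added example: a simplified model of how a legacy-protocol scp receiver derives the mode for a downloaded file, with and without the setuid/setgid mask. It is not the contents of CVE-2026-35385.patch or OpenSSH source. The function names, the sample record and the umask value are assumptions made for illustration, and the "as root" condition is not modelled.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Parse the 4-digit octal mode from a legacy scp file record,
 * e.g. "C4755 1024 tool\n" (constructed sample). Returns 0 on success. */
static int parse_record_mode(const char *rec, mode_t *out)
{
    mode_t m = 0;
    if (rec[0] != 'C')
        return -1;
    for (int i = 1; i <= 4; i++) {
        if (rec[i] < '0' || rec[i] > '7')
            return -1;              /* also stops at an early NUL */
        m = (m << 3) | (mode_t)(rec[i] - '0');
    }
    if (rec[5] != ' ')
        return -1;                  /* mode must be space-delimited */
    *out = m;
    return 0;
}

/* Before (hypothetical model): without -p only the umask is applied,
 * so the 04000/02000 bits sent by the remote side survive. */
static mode_t mode_before(mode_t sent, mode_t mask, int preserve)
{
    return preserve ? sent : (mode_t)(sent & ~mask);
}

/* After (hypothetical model): without -p the setuid/setgid bits
 * are cleared in addition to the umask. */
static mode_t mode_after(mode_t sent, mode_t mask, int preserve)
{
    if (preserve)
        return sent;
    return (mode_t)(sent & ~mask & ~(mode_t)(S_ISUID | S_ISGID));
}

int main(void)
{
    mode_t sent;
    if (parse_record_mode("C4755 1024 tool\n", &sent) != 0)
        return 1;
    printf("sent %04o  before %04o  after %04o\n", (unsigned)sent,
        (unsigned)mode_before(sent, 022, 0), (unsigned)mode_after(sent, 022, 0));
    return 0;
}
```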
Updated packages:
  • openssh-client_7.6p1-4ubuntu0.7+tuxcare.els9_amd64.deb
    sha:887761af8d27b6b7690f748b0d9388399fe4413e
  • openssh-server_7.6p1-4ubuntu0.7+tuxcare.els9_amd64.deb
    sha:9a26b2f9e302386fe09174dbcf53a3431fba1733
  • openssh-sftp-server_7.6p1-4ubuntu0.7+tuxcare.els9_amd64.deb
    sha:35a2a9c755310115fd022f9b9aea0a686b60bd0a
  • ssh_7.6p1-4ubuntu0.7+tuxcare.els9_all.deb
    sha:21a7967e181779ab0d39fe303b0a500e0b181f19
  • ssh-askpass-gnome_7.6p1-4ubuntu0.7+tuxcare.els9_amd64.deb
    sha:f3cd1a582c991cb70c0a472c98652683ebca4ac5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.