[CLSA-2026:1777546896] openssh: Fix of CVE-2026-35385
Type: security
Severity: Important
Release date: 2026-04-30 11:01:40 UTC
Description:
- CVE-2026-35385: When downloading files as root in legacy (-O) mode without the -p (preserve modes) flag, scp(1) did not clear setuid/setgid bits from downloaded files. This update backports upstream commit 487e8ac1 to mask out the setuid/setgid bits in this case.
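
An audit for hosts where the affected scp was used, added here as an example (it is not part of this advisory, the upstream commit, or OpenSSH): it lists regular files under a download directory that still carry setuid/setgid bits and can clear them. The function names, the directory argument and the owner filter (default: root) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find and neutralise setuid/setgid bits left on files that
# were downloaded into a directory. Names and arguments are illustrative.

# list_suid_sgid DIR [OWNER]
# Print the path of every regular file under DIR that is owned by OWNER
# (user name or numeric uid, default root) and has the setuid (4000) or
# setgid (2000) bit set. Does not cross filesystem boundaries.
list_suid_sgid() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -xdev -type f -user "$owner" \
        \( -perm -4000 -o -perm -2000 \) -print
}

# clear_suid_sgid DIR [OWNER]
# Remove both bits from every matching file and leave all other permission
# bits unchanged. Prints the number of files that were changed.
clear_suid_sgid() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # One "x" is emitted per successful chmod, so wc -c counts changed
    # files even when a file name contains a newline.
    count=$(find "$dir" -xdev -type f -user "$owner" \
        \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s -- {} \; -exec printf x \; | wc -c)
    echo "$((count))"
}

# Typical use on a host that pulled files with "scp -O" as root:
#   list_suid_sgid /srv/incoming      # review the matches first
#   clear_suid_sgid /srv/incoming     # then strip the bits
```

Review the listed files before clearing anything; a match only shows that the bit is present, not how the file arrived.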
Updated packages:
  • openssh-8.0p1-24.el8.tuxcare.els7.x86_64.rpm
    sha:97b6370ed6f7ee4efd7ce99c3f9392ed8651eca04906fafe3f890d725c70a6a5
  • openssh-askpass-8.0p1-24.el8.tuxcare.els7.x86_64.rpm
    sha:ce7675c670054fc949a4154e29e4ce8e21efe6b6f54958f57ad5ac1d3c050528
  • openssh-cavs-8.0p1-24.el8.tuxcare.els7.x86_64.rpm
    sha:9379d33a2e0040773a843582654926914c8c277e8d363c5b6c4a7765639b8eb3
  • openssh-clients-8.0p1-24.el8.tuxcare.els7.x86_64.rpm
    sha:12892d60f3e8b90733f95b3e6fa1abb1936ded7599d8c0fca0698cbb6c41ad94
  • openssh-keycat-8.0p1-24.el8.tuxcare.els7.x86_64.rpm
    sha:f1d15d948ed54cd8c86359862ecf936d10a57920afa3b1dcff4e2b07b93ffce2
  • openssh-ldap-8.0p1-24.el8.tuxcare.els7.x86_64.rpm
    sha:293749148353c175bda80d800abf615cf6a8a24f685954bc752371dc5e680808
  • openssh-server-8.0p1-24.el8.tuxcare.els7.x86_64.rpm
    sha:71ac548d2628fbc257e1fa947c637e29e4ec8c2656fc16ef6becc8276a08a58e
  • pam_ssh_agent_auth-0.10.3-7.24.el8.tuxcare.els7.x86_64.rpm
    sha:eeeeda9b5c0de2c097225f19923b6c34b428bd32911f664113fa8959d7593318
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.