[CLSA-2026:1777586245] Fix CVE(s): CVE-2026-35385
Type:
security
Severity:
Important
Release date:
2026-04-30 21:57:30 UTC
Description:
* SECURITY UPDATE: scp(1) downloading as root in legacy mode without -p did not clear setuid/setgid bits on downloaded files.
  - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from umask in sink() when -p is not set
  - CVE-2026-35385
Updated packages:
  • openssh-client_7.9p1-10+deb10u4+tuxcare.els3_amd64.deb
    sha:c6ea4da595402d5dc17a07750b61000c0fd39acf
  • openssh-server_7.9p1-10+deb10u4+tuxcare.els3_amd64.deb
    sha:e05ca345de386401865c97f55a36dbccc476d7cf
  • openssh-sftp-server_7.9p1-10+deb10u4+tuxcare.els3_amd64.deb
    sha:08bed9560d0db98c241e34e4d4296ce3e4deab8f
  • openssh-tests_7.9p1-10+deb10u4+tuxcare.els3_amd64.deb
    sha:211377b425bf7f922397a551c0d222d1e42604bf
  • ssh_7.9p1-10+deb10u4+tuxcare.els3_all.deb
    sha:65c3e406e9f5962247ee066b11fff177fa8ce180
  • ssh-askpass-gnome_7.9p1-10+deb10u4+tuxcare.els3_amd64.deb
    sha:71674ed17c1b7cfcf9c343c4483848bba34336c4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.