[CLSA-2026:1778233696] openssh: Fix of CVE-2026-35386
Type:
security
Severity:
Important
Release date:
2026-05-08 09:48:20 UTC
Description:
- CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to valid_ruser
Updated packages:
  • openssh-5.3p1-125.el6.tuxcare.els9.x86_64.rpm
    sha:b8baa82f47b61925cf5cc68528f5fb78692e56525afdf005e64350b0c8094199
  • openssh-askpass-5.3p1-125.el6.tuxcare.els9.x86_64.rpm
    sha:3748eea42f270936bca5811edcbbe72a1bffb13cf99a33104330f443738704ad
  • openssh-clients-5.3p1-125.el6.tuxcare.els9.x86_64.rpm
    sha:3e2a61343f0fb09c78440208224419c13022eba44eda8c0bee3872ef513cc394
  • openssh-ldap-5.3p1-125.el6.tuxcare.els9.x86_64.rpm
    sha:fe135e74fff082e4144a70f0cb2ae04e46f4f4e8707ba13c2d0f7986731ddfd8
  • openssh-server-5.3p1-125.el6.tuxcare.els9.x86_64.rpm
    sha:b155358d925c0ec7b81a712f60f1f43252cfc0df94d7c88e62e1c06ac6d7b457
  • pam_ssh_agent_auth-0.9.3-125.el6.tuxcare.els9.i686.rpm
    sha:7fb9c02dcdafcdaf84727984141baa6fae0dd9ab3dd482570155e954c171e954
  • pam_ssh_agent_auth-0.9.3-125.el6.tuxcare.els9.x86_64.rpm
    sha:aa7edea7360bc3ffd9c6ef365f5ecc3ead1a1bce9bc912dbdafe4f69f48cb0d5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.