[CLSA-2026:1774528369] openssh: Fix of 3 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-03-26 12:32:54 UTC
Description:
- CVE-2018-20685: fix a vulnerability in the scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames
- CVE-2019-6109: fix an issue in the scp client where a malicious server could manipulate the client's progress display output due to missing character encoding
- CVE-2019-6111: fix an scp client vulnerability that allowed a malicious server to overwrite arbitrary files in the client's target directory, including subdirectories, when performing transfers
Updated packages:
  • openssh-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:9156c18bf6a9bb4cdf9cf33e7489e9eb81c5139609bacdf95c99535f5e9ca6ac
  • openssh-askpass-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:ab62de57ad70c130d920f051855b8256b37b58656715d140f0e37578c5231c2b
  • openssh-cavs-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:878c9f2bdf1bed0c0083025c7c50dfe941479d0c3e96d5d15a774233f5e945ea
  • openssh-clients-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:aa1b32cbbe89f6b321de3de4aa56d41fd5943ccb67fd71b97ddf0fb6a3b0b3ff
  • openssh-keycat-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:5da7996343380122956897472579ad5b313c37dd50b7da3c933cef5fe07341b2
  • openssh-ldap-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:f66b1de5b657c70f81f27f021e4d7e0eb17678bbf75db38404bc59171f2664cb
  • openssh-server-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:e2028f48cc22f0650db9c8ec76e9c1b2e7ca343eaa79867773cdfe3db89c5c57
  • openssh-server-sysvinit-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:187c8479082fb8446948536cce2624285369d4efdcdb59418dd77c2485b87fd7
  • pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686.rpm
    sha:ce55561ed42fe9c529f05adaade0ab9642ffac6a4fc8f07ad36c0ad04fc852a8
  • pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64.rpm
    sha:c46a1243de82cdcd32e63f3ddcb0c66807765655afdd10241e67ada6424cfdf8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.