[CLSA-2026:1777585781] openssh: Fix of CVE-2026-35386
Type:
security
Severity:
Important
Release date:
2026-04-30 21:49:47 UTC
Description:
- CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to valid_ruser
Updated packages:
  • openssh-7.4p1-23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:1faa647735ae7e43364241a5dc433158dc73d8d25124ceb0fe6ceacfdd7c4dd5
  • openssh-askpass-7.4p1-23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:fa5543209df36d9b5cfb61f30ef57c4475153bd125d8779f4d0bab755214d3fd
  • openssh-cavs-7.4p1-23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:2dbefc0bf824a3d1c0e70339202b1c7e549e44038052f7404efc2174a6a223de
  • openssh-clients-7.4p1-23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:354a38fa95e91a622a7decfd9ff35e0d27e9ade3cf496b8eec88cd4f755c5fb7
  • openssh-keycat-7.4p1-23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:0b80f478a9382ba3371ca39479f0aff4064758ad6446480fd7049413f9baae1f
  • openssh-ldap-7.4p1-23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:b70024980f43e175e036cf4ae47f687654b5eecd8f97188640650c1446d1212a
  • openssh-server-7.4p1-23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:cdb0cec45eada0437b939f5f54de305bd54ca7254ed99aae814ba7f5e116840e
  • openssh-server-sysvinit-7.4p1-23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:c4da139dd7d94515827cee3866b2880796be235384577420db00bd0e6b21bd81
  • pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els5.i686.rpm
    sha:6e736e0ec1d118729ff098bbe4d6849055525692611d8dbd97db9e26900a91cd
  • pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els5.x86_64.rpm
    sha:df1efb1ace102d17ada0e06999406c95b7a859416d86d7b537ea7b9d0884be58
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.