[CLSA-2026:1774366569] Fix CVE(s): CVE-2026-3497

Type:

security

Severity:

Important

Release date:

2026-03-24 15:36:14 UTC

Description:

   * SECURITY UPDATE: pre-auth crash via GSSAPI key exchange
     - debian/patches/CVE-2026-3497.patch: replace sshpkt_disconnect() with
       ssh_packet_disconnect() and initialize gss_buffer_desc variables in
       kexgssc.c, kexgsss.c.
     - CVE-2026-3497

Updated packages:

openssh-client_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
sha:47ff9a27962a8d039c869b5835e2384a5addbd7e
openssh-server_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
sha:35bb8143de1f0c3320b58b7e7a6bf737bc6868d3
openssh-sftp-server_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
sha:4bee23ec175e0405dfcdb7540532629425d3737f
openssh-tests_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
sha:2c1b731de22209d29dc81b9c2206d147f6014ed7
ssh_8.2p1-4ubuntu0.13+tuxcare.els1_all.deb
sha:13b398e75b159e775c5e70118c0ad45566a10d2e
ssh-askpass-gnome_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
sha:86a176ceb6f84f8a7d2798caa422d9a1203fcb6b

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.