CLSA-2026-1777556512

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777556512.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1777556512

Upstream

CVE-2026-35385

Published

2026-04-30T13:41:59Z

Modified

2026-06-04T09:47:37.941112661Z

Summary

Fix CVE(s): CVE-2026-35385

Details

SECURITY UPDATE: setuid/setgid bits preserved on scp downloads without -p
- debian/patches/CVE-2026-35385.patch: in legacy (-O) mode, OR 07000 into the saved umask in sink() in scp.c so that setuid/setgid/sticky bits are stripped from received files when -p is not specified.
- CVE-2026-35385

References

https://errata.tuxcare.com/els_os/ubuntu20.04els/CLSA-2026-1777556512.html

Affected packages

TuxCare:Ubuntu:20.04

openssh-client

Package

Name: openssh-client
Purl: pkg:deb/tuxcare/openssh-client?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.2p1-4ubuntu0.13+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777556512.json"

openssh-server

Package

Name: openssh-server
Purl: pkg:deb/tuxcare/openssh-server?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.2p1-4ubuntu0.13+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777556512.json"

openssh-sftp-server

Package

Name: openssh-sftp-server
Purl: pkg:deb/tuxcare/openssh-sftp-server?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.2p1-4ubuntu0.13+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777556512.json"

openssh-tests

Package

Name: openssh-tests
Purl: pkg:deb/tuxcare/openssh-tests?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.2p1-4ubuntu0.13+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777556512.json"

ssh

Package

Name: ssh
Purl: pkg:deb/tuxcare/ssh?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.2p1-4ubuntu0.13+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777556512.json"

ssh-askpass-gnome

Package

Name: ssh-askpass-gnome
Purl: pkg:deb/tuxcare/ssh-askpass-gnome?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.2p1-4ubuntu0.13+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777556512.json"