Release date:
2026-04-29 09:03:33 UTC
Description:
* SECURITY UPDATE: incorrect matching of principals in the authorized_keys
principals="..." option when a certificate principal contains a comma.
- debian/patches/CVE-2026-35414.patch: fix match_principals_option to
split on comma and compare principals exactly
- CVE-2026-35414
Updated packages:
-
openssh-client_7.6p1-4ubuntu0.7+tuxcare.els8_amd64.deb
sha:21b6a3075aaeff4c8367dff900313a5b4277dc12
-
openssh-server_7.6p1-4ubuntu0.7+tuxcare.els8_amd64.deb
sha:ad5af04b58c91fe214e548155047b2f2ed5353d1
-
openssh-sftp-server_7.6p1-4ubuntu0.7+tuxcare.els8_amd64.deb
sha:00127fbaf2b9970e82630b4e5a2abffac7b1728e
-
ssh_7.6p1-4ubuntu0.7+tuxcare.els8_all.deb
sha:57c389a5a99ceabd94af7c92e35ebfedddbb08ad
-
ssh-askpass-gnome_7.6p1-4ubuntu0.7+tuxcare.els8_amd64.deb
sha:cf1fd6d3e09bdc0fd722fc19bb225242141c998a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
