[CLSA-2026:1777591889] Fix CVE(s): CVE-2026-35414
Type: security
Severity: Important
Release date: 2026-04-30 23:31:41 UTC
Description:
* SECURITY UPDATE: incorrect matching of authorized_keys principals="..." option when a certificate principal name contains a comma character
  - debian/patches/CVE-2026-35414.patch: split principal_list on commas and exact-match each entry instead of passing it to match_list()
  - CVE-2026-35414
Updated packages:
  • openssh-client_7.2p2-4ubuntu2.10+tuxcare.els9_amd64.deb
    sha:09af133165cc2ecb5b46443cc18fff43379db669
  • openssh-client-ssh1_7.2p2-4ubuntu2.10+tuxcare.els9_amd64.deb
    sha:6ff062cedf78faa5254e49ace24568468d88fdc2
  • openssh-server_7.2p2-4ubuntu2.10+tuxcare.els9_amd64.deb
    sha:fa8136ff6d5d7d29a98b74f414003c82a5966c5b
  • openssh-sftp-server_7.2p2-4ubuntu2.10+tuxcare.els9_amd64.deb
    sha:9611d9cdf6d6c1fc65ccebc601bc6d41c6b43d92
  • ssh_7.2p2-4ubuntu2.10+tuxcare.els9_all.deb
    sha:20ffa13b7afebbf349d25c406f719263a21528a1
  • ssh-askpass-gnome_7.2p2-4ubuntu2.10+tuxcare.els9_amd64.deb
    sha:d0b97f335db0f2d96bd165278466cb712f9b3f3d
  • ssh-krb5_7.2p2-4ubuntu2.10+tuxcare.els9_all.deb
    sha:474d604ee3fe0e16925305129d520489d1b5a73e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.