3 matches found
CLSA-2026-1777567965 openssh: Fix of CVE-2026-35385
CVE-2026-35385: when downloading files as root in legacy -O mode and without the -p preserve modes flag, scp1 did not clear setuid/setgid bits from downloaded files. Backport upstream commit 487e8ac1 to mask out the setuid/setgid bits in this case...
CLSA-2026-1777547626 openssh: Fix of CVE-2026-35385
CVE-2026-35385: clear setuid/setgid bits when downloading files as root in scp legacy -O mode without the -p flag...
CLSA-2026-1777542837 Fix CVE(s): CVE-2026-35385
SECURITY UPDATE: scp setuid/setgid bit handling - debian/patches/CVE-2026-35385.patch: when downloading files as root in legacy -O mode and without the -p preserve modes flag, mask out setuid/setgid bits in scp1 sink. - CVE-2026-35385...