739 matches found
CLSA-2026-1777941528 openssh: Fix of CVE-2026-35385
CVE-2026-35385: fix scp legacy protocol receiver to clear setuid/setgid bits from downloaded files when -p preserve mode is not set...
OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode
A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...
CLSA-2026-1777586245 Fix CVE(s): CVE-2026-35385
SECURITY UPDATE: scp1 downloading as root in legacy mode without -p did not clear setuid/setgid bits on downloaded files. - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from umask in sink when -p is not set - CVE-2026-35385...
CLSA-2026-1777567687 Fix CVE(s): CVE-2026-35385
SECURITY UPDATE: scp setuid/setgid bit handling - debian/patches/CVE-2026-35385.patch: when downloading files as root in legacy -O mode and without the -p preserve modes flag, mask out setuid/setgid bits in scp1 sink. - CVE-2026-35385...
CLSA-2026-1777556512 Fix CVE(s): CVE-2026-35385
SECURITY UPDATE: setuid/setgid bits preserved on scp downloads without -p - debian/patches/CVE-2026-35385.patch: in legacy -O mode, OR 07000 into the saved umask in sink in scp.c so that setuid/setgid/sticky bits are stripped from received files when -p is not specified. - CVE-2026-35385...
CLSA-2026-1777547626 openssh: Fix of CVE-2026-35385
CVE-2026-35385: clear setuid/setgid bits when downloading files as root in scp legacy -O mode without the -p flag...
CLSA-2026-1777546896 openssh: Fix of CVE-2026-35385
CVE-2026-35385: when downloading files as root in legacy -O mode and without the -p preserve modes flag, scp1 did not clear setuid/setgid bits from downloaded files. Backport upstream commit 487e8ac1 to mask out the setuid/setgid bits in this case...
CLSA-2026-1777542837 Fix CVE(s): CVE-2026-35385
SECURITY UPDATE: scp setuid/setgid bit handling - debian/patches/CVE-2026-35385.patch: when downloading files as root in legacy -O mode and without the -p preserve modes flag, mask out setuid/setgid bits in scp1 sink. - CVE-2026-35385...
Important: openssh
Issue Overview: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 Affected Packages: openssh Note: This...
Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1604)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1604 advisory. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and...
sudo: Sudo: Privilege escalation due to failure in privilege drop calls
A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...
OESA-2026-1999 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setui...
OESA-2026-1997 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setui...
GHSA-X2WV-9P67-MH9W uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...
uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...
CVE-2026-35350
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...
CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...
CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...
CVE-2026-35350
The CVE-2026-35350 entry concerns the cp utility in uutils coreutils. When using -p (preserve), if chown fails, the tool applies the source’s mode bits, potentially producing a user-owned copy with privileged bits (setuid/setgid) and violating local security policies. This behavior differs from G...
SUSE-SU-2026:21369-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...