UBUNTU-CVE-2026-35350

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

CVE-2026-35350

The CVE-2026-35350 entry concerns the cp utility in uutils coreutils. When using -p (preserve), if chown fails, the tool applies the source’s mode bits, potentially producing a user-owned copy with privileged bits (setuid/setgid) and violating local security policies. This behavior differs from G...

CVE-2026-35350

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

SUSE-SU-2026:21369-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

OPENSUSE-SU-2026:20604-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

SUSE CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

PT-2026-34486

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line tool set developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the cp utility’s failure to properly handle the setuid and setgid bits when ownership retention fails. When copyin...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013267)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013267 advisory. The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist becaus...

CVE-2026-32107

xrdp (open source RDP server) versions up to 0.10.5 are affected by a privilege drop handling flaw in the session execution component. The issue allows an authenticated local attacker to escalate to root and execute arbitrary code due to improper privilege management during privilege drop. An add...

OESA-2026-1963 openssh security update

An open source implementation of SSH protocol version 2 Security Fixes: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. Th...

OESA-2026-1908 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setui...

SUSE-SU-2026:21252-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

OpenSSH < 10.3 Multiple Vulnerabilities

The version of OpenSSH installed on the remote host is prior to 10.3. It is, therefore, affected by multiple vulnerabilities as referenced in the release-10.3 advisory. - In OpenSSH before 10.3, validation of shell metacharacters in user names supplied on the command-line was performed too late,...

Important: sudo

Issue Overview: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. CVE-2026-35535 Affected Packages: sudo Issue Correction: Run dnf update sudo...

JLSEC-2026-74 In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome...

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

SUSE CVE-2026-27456

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

Linux Distros Unpatched Vulnerability : CVE-2026-35385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performe...