Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 16.04 OpenSSH Critical File Overwrite Risk USN-8514-1 CVE-2026-35385

ubuntu
Calendar Grey July 6, 2026
Dist Ubuntu Esm H88
OpenSSH flaw could allow file overwriting by the admin in Ubuntu systems. Must update to avoid privilege escalation risks.
OpenSSH could be made to overwrite files as the administrator.

Summary

OpenSSH could be made to overwrite files as the administrator.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

It was discovered that OpenSSH incorrectly handled file permissions when

downloading files as root using the legacy scp protocol without the

preserve-mode option. An attacker could use this to install setuid or setgid

files on a system, possibly leading to privilege escalation.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  openssh-client                  1:7.2p2-4ubuntu2.10+esm8
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8514-1

CVE-2026-35385

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8514-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here