ALSA-2026:19069

[ALSA-2026:19069] Important: openssh security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.  

Security Fix(es):  

  * OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
  * OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
  * OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
  * OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
  * OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	openssh-askpass-9.9p1-23.el10_2.alma.1.aarch64.rpm	36cb78f50b38c78b4f371e405964108200b9a177376f770a8c4e9ba37f2ec067
aarch64	openssh-9.9p1-23.el10_2.alma.1.aarch64.rpm	428ab576f662873d365d930d2c391da0366ef96a32c32fcb3fd4c652ab37105e
aarch64	openssh-keysign-9.9p1-23.el10_2.alma.1.aarch64.rpm	6902e2f0d86969278e41b2f6d3c7a8c1da995cc14c056e68f3f8aabc2975c31c
aarch64	openssh-keycat-9.9p1-23.el10_2.alma.1.aarch64.rpm	be13381aad6034438fc24789d17c362b00d3deb9be1439c3996ce442032aed8f
aarch64	openssh-server-9.9p1-23.el10_2.alma.1.aarch64.rpm	f997caac50845ef97ebbd6624b5f63c20773d90317d9d3bbab4e06b6fc4e71a2
aarch64	openssh-clients-9.9p1-23.el10_2.alma.1.aarch64.rpm	fac91a9642e1198dfca600c9f2a49eb1d034b4fb3cec5a168bd02dbfce011bf2
ppc64le	openssh-server-9.9p1-23.el10_2.alma.1.ppc64le.rpm	105ee52cf345fcd469cb7c8f5ea217e429f4d556beaad1aa69e41f340f53d526
ppc64le	openssh-keycat-9.9p1-23.el10_2.alma.1.ppc64le.rpm	1d4bba94ea27921bba492e2bb1e568648dfd6289f9d2783cb581eec931dcebc1
ppc64le	openssh-clients-9.9p1-23.el10_2.alma.1.ppc64le.rpm	2823955ca88bad22b79ce295780354132734de9582b8d16344bf312146c775b6
ppc64le	openssh-keysign-9.9p1-23.el10_2.alma.1.ppc64le.rpm	e75305f5b0f3fce5e0ac020a742035fec411694d83cb05fa6f07b8adfe3bed36
ppc64le	openssh-askpass-9.9p1-23.el10_2.alma.1.ppc64le.rpm	f046f749d5228c8d63a08cacde564d425d821ac435c1d21e90d464081edbe3fa
ppc64le	openssh-9.9p1-23.el10_2.alma.1.ppc64le.rpm	fc96c21be7bafacb3c1747546c5d320fbb67832cc8d0dbf7ea5c7c38d3dddeeb
s390x	openssh-askpass-9.9p1-23.el10_2.alma.1.s390x.rpm	12838ae1a3e066ad4d7bb6da69c7175d911544a657778f47ff5716e7a83a0bbd
s390x	openssh-clients-9.9p1-23.el10_2.alma.1.s390x.rpm	19808ec4a6f5135f37e0228f0d52992498b62e3481a011d37411df7221126119
s390x	openssh-9.9p1-23.el10_2.alma.1.s390x.rpm	5f82a16cc22148fdb978fb456a0b9500575051a1135b3e33984afa58eb34cb18
s390x	openssh-keycat-9.9p1-23.el10_2.alma.1.s390x.rpm	6db0fdd5872d40554b928c086a8219dc6d1f0c6bc4226ba35c2bf15a9bc24bce
s390x	openssh-server-9.9p1-23.el10_2.alma.1.s390x.rpm	82d14ec8fa4592a31b601363e69fddc10786d629ba15815ce14b1010d3b44186
s390x	openssh-keysign-9.9p1-23.el10_2.alma.1.s390x.rpm	f99524a37392b799f8b8656a1f7bb9dc274829b946f1348971fa28257a2c2949
x86_64	openssh-keysign-9.9p1-23.el10_2.alma.1.x86_64.rpm	4a880d720190ca15e5e4f3e932e58c360e7bf319585d6ffe730ab640839a7ff6
x86_64	openssh-9.9p1-23.el10_2.alma.1.x86_64.rpm	54ada5d13600f7c174dcee2230f7eb3ea68bc7e7ca69b3de763c7d000f25cc76
x86_64	openssh-clients-9.9p1-23.el10_2.alma.1.x86_64.rpm	658f24d8bc53e3882c5d70a64a0ef35ad4e0e8378c12e4e81ece31b14cace5e7
x86_64	openssh-keycat-9.9p1-23.el10_2.alma.1.x86_64.rpm	b453ca2528de90ac1bf999f6b70f1439543c3892b792a554424112ce446877d3
x86_64	openssh-server-9.9p1-23.el10_2.alma.1.x86_64.rpm	b648d29b3a70038d776cccf4f78290de074cbf9d810b3928bc630fcfee14780c
x86_64	openssh-askpass-9.9p1-23.el10_2.alma.1.x86_64.rpm	b9ac604bea64327c679924f7ac326fac8d9df879b61f96a1c60d72d0e013c3c9
x86_64_v2	openssh-clients-9.9p1-23.el10_2.alma.1.x86_64_v2.rpm	32e96080f7773cd38445bae70f27d89c994f04d7511afa2d129b591c99b239ea
x86_64_v2	openssh-keycat-9.9p1-23.el10_2.alma.1.x86_64_v2.rpm	33d2ba65993535cb267811e003de0a90b2edd97f6319956299de81908a10bade
x86_64_v2	openssh-keysign-9.9p1-23.el10_2.alma.1.x86_64_v2.rpm	3fc9b59ddd441f622f309df757effaedda010563a8532d14b07aa3aa6537adc3
x86_64_v2	openssh-9.9p1-23.el10_2.alma.1.x86_64_v2.rpm	d50d37e636d50d541335b3197217611113f0ff89a0c0cebde34da2bd1f948a5a
x86_64_v2	openssh-askpass-9.9p1-23.el10_2.alma.1.x86_64_v2.rpm	f136b16d1e75c696e4b68eeebe1824cfceb2e307ec6e6c7ba64c36fe7d834d2c
x86_64_v2	openssh-server-9.9p1-23.el10_2.alma.1.x86_64_v2.rpm	faa8fecd95401d5caf1c374c819dff230271366542a26c679797460f34f934de

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.