ALSA-2026:13383

[ALSA-2026:13383] Important: openssh security update

Type:

security

Severity:

important

Release date:

2026-05-04

Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.  

Security Fix(es):  

  * OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
  * OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
  * OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
  * OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
  * OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	openssh-8.0p1-29.el8_10.aarch64.rpm	5f197c32d9987b1cda6f21ad44ef4d1f59034a3aeacc88f37a4b71b08ca33d70
aarch64	openssh-ldap-8.0p1-29.el8_10.aarch64.rpm	7364d43196c1569722c60c78509db9bba4094ea33597ec9c78382ba3f19747da
aarch64	openssh-askpass-8.0p1-29.el8_10.aarch64.rpm	87ff9b333ca6ebf440373553f7369a5903a328b92b324eee4bfe4afce3a94491
aarch64	openssh-clients-8.0p1-29.el8_10.aarch64.rpm	c94ad3033fe50e5234fc99047ef64a6f5bff27dceecb6bc1bd6509e4d191eec9
aarch64	openssh-cavs-8.0p1-29.el8_10.aarch64.rpm	da835223122d9c1132ad73f0f20b1ed604c3188fc5e8b50d8bc93a7c53618455
aarch64	pam_ssh_agent_auth-0.10.3-7.29.el8_10.aarch64.rpm	ea349777452b213944f8c2fbc5bdca381e35c8ea922f9f043a3350a4e6808ddf
aarch64	openssh-server-8.0p1-29.el8_10.aarch64.rpm	ee2de0c32819ce9f843534705c8d797ca1ce7f635ce6b3dfbb1457b3f9917630
aarch64	openssh-keycat-8.0p1-29.el8_10.aarch64.rpm	f6e417ec75e5d3934d5715e54e37a8c33e52675df444deeb8f6bf5e8a43f45f7
ppc64le	openssh-8.0p1-29.el8_10.ppc64le.rpm	24737c5ed881fbc1f4cbf6f820cd09b31a2c2d23eee6dae8a78ca0fe3b4e3ee7
ppc64le	openssh-clients-8.0p1-29.el8_10.ppc64le.rpm	2e5a3a2a13c5a97c0f575d6f5d556367a76c3e787721f8177b66d8c167f12e9a
ppc64le	openssh-askpass-8.0p1-29.el8_10.ppc64le.rpm	5bb2996e8322e70898b4ab77c59cd15475222c7d8146d6911bf4c1169f86c790
ppc64le	openssh-cavs-8.0p1-29.el8_10.ppc64le.rpm	60e30fcbfc1ae1b0131de371528d36f2ab473be9089661c0e93fb4ba37a9e1ab
ppc64le	openssh-keycat-8.0p1-29.el8_10.ppc64le.rpm	755f03ad88eef298436fc38a3015665151b2d078bf91b46a25aabbcb2ea1a5c8
ppc64le	openssh-ldap-8.0p1-29.el8_10.ppc64le.rpm	9547d36ed46477e16b7ed19551d445f7ef51126621ed74b49ab41d3b9f870a21
ppc64le	openssh-server-8.0p1-29.el8_10.ppc64le.rpm	cc9724978aaf8d4e4dbbc7d8e2bbd91c905e830bd7c8ebbb4526e39b4d5107db
ppc64le	pam_ssh_agent_auth-0.10.3-7.29.el8_10.ppc64le.rpm	fd9766a7e3656035547a24c7a23297eefa83d4498a038403285c6a69ddc70f9c
s390x	openssh-8.0p1-29.el8_10.s390x.rpm	48d3161df1835070ba5cb07964322e83e42d3d21d711267600386288ca4435e8
s390x	openssh-server-8.0p1-29.el8_10.s390x.rpm	8c4cfa5f1814db12b643b6a6dad03579b3720f87893e10c8bfee48009b1fc5c9
s390x	openssh-keycat-8.0p1-29.el8_10.s390x.rpm	9f6c1f3808cecea0e5a62efd3e1dafc9ef15f939e8c7b6ff6ecd6c3d2c62ca5f
s390x	openssh-clients-8.0p1-29.el8_10.s390x.rpm	aaf515cec8c9d53fac59778d3d6428bcdec45b40f9d45f10854003bc00585ca0
s390x	openssh-cavs-8.0p1-29.el8_10.s390x.rpm	b4f87432822495b3b86c10f93112418f76c46604902baab193e576a4c183212e
s390x	openssh-ldap-8.0p1-29.el8_10.s390x.rpm	b5def7b654df990c3518c1af08f8e82e3fd8b3715e99a341d14b5aba006b9cfa
s390x	openssh-askpass-8.0p1-29.el8_10.s390x.rpm	ddf25cdebd4b0b3c7cf5bbaca55c92eafd2509806dddfe93edaa313a946cf955
s390x	pam_ssh_agent_auth-0.10.3-7.29.el8_10.s390x.rpm	e1c70d8c73db9a7d068d5a0269161b692db56b51251c660f89400a2746aac6b5
x86_64	openssh-cavs-8.0p1-29.el8_10.x86_64.rpm	04fefe2a4079792e69831c86a64f107452668ac9babe14c13b82b160374bbea0
x86_64	openssh-askpass-8.0p1-29.el8_10.x86_64.rpm	1cc0e6603787a6b3a2db753a7c3ae8fdb1e59187266bd6cddf88192207cc3670
x86_64	openssh-clients-8.0p1-29.el8_10.x86_64.rpm	2fd258c124cfa079c1e6ba6829df4c2781d43489cda710516b9fcdf5d9ae024d
x86_64	openssh-server-8.0p1-29.el8_10.x86_64.rpm	3e0ae2aa2c9de619741153ad568758dcd6ac3905bdb34f4aad5b5c5e5684a78b
x86_64	openssh-8.0p1-29.el8_10.x86_64.rpm	554d38bae5629d07c3aa36a00d3d5c39848666e44d6540dae501b9bc44f62ba3
x86_64	openssh-keycat-8.0p1-29.el8_10.x86_64.rpm	99239335a107b0966c9ae8e4cf33c23128ce62fb5aaa38e8272fc4377b4d98f5
x86_64	pam_ssh_agent_auth-0.10.3-7.29.el8_10.x86_64.rpm	ad6981159abb2989a2b046fcf565e1000247409845b24b5f617e0f87ae45f6f2
x86_64	openssh-ldap-8.0p1-29.el8_10.x86_64.rpm	cd6efbc1b2c47bb341e1506ba4507049d19ccd20ac7cf5504cda314690a58e5a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.