ALSA-2026:13381

[ALSA-2026:13381] Important: openssh security update

Type:

security

Severity:

important

Release date:

2026-05-04

Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.  

Security Fix(es):  

  * OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
  * OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
  * OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
  * OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
  * OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	openssh-askpass-8.7p1-49.el9_7.alma.1.aarch64.rpm	03db232e619e5252971fc588f2ff1a778be0bfad27c4a5e143e06cedc81b8a7d
aarch64	openssh-8.7p1-49.el9_7.alma.1.aarch64.rpm	71af7e9c9fad0bb77ce7eeba6be597cdd2e0af8e6d9fb8e6803867eebf834dec
aarch64	openssh-clients-8.7p1-49.el9_7.alma.1.aarch64.rpm	792fc0043a4fb77ece51a7f2e92532655523a4a8dceaf78aac6d4b0b4d859969
aarch64	openssh-keycat-8.7p1-49.el9_7.alma.1.aarch64.rpm	9fee30228b6469a75d99938fa4c080f7a3a2da05fb767829c5803beaed523b38
aarch64	pam_ssh_agent_auth-0.10.4-5.49.el9_7.alma.1.aarch64.rpm	a6aebff2f4ddd14eb9062a917335ba47d187f25961ee28b85b67ff8e7f30d61a
aarch64	openssh-server-8.7p1-49.el9_7.alma.1.aarch64.rpm	a89df53151129169e2effaf94bc960a9a56c95617cd582048d1d2b4a99a7552f
ppc64le	openssh-server-8.7p1-49.el9_7.alma.1.ppc64le.rpm	0240660c6c8bcbfecdd2f2d6953d407b7a8e8fb80fd9765a40a44c457820a5af
ppc64le	openssh-askpass-8.7p1-49.el9_7.alma.1.ppc64le.rpm	13ca9f6bc51731a5faaa294e46fbe0621249d3b660a7ef61783a523d3e4eec49
ppc64le	openssh-8.7p1-49.el9_7.alma.1.ppc64le.rpm	56d7d3954e4b0b6f92cbad029e4ca86c070cfcf06018ead0248b89311a70c4bb
ppc64le	openssh-clients-8.7p1-49.el9_7.alma.1.ppc64le.rpm	717c128b620e29a3d41c9356b12ee9cb745f4a57dbf7147cd0d3806348992b1d
ppc64le	pam_ssh_agent_auth-0.10.4-5.49.el9_7.alma.1.ppc64le.rpm	b656a3f1bef1494903dfd713f2643ad8163dfa557587645afad679b677ba11fe
ppc64le	openssh-keycat-8.7p1-49.el9_7.alma.1.ppc64le.rpm	fd1763af325eb52d712e36a326588cb49ad7a466e2e60624f7629dfb1c87d72a
s390x	pam_ssh_agent_auth-0.10.4-5.49.el9_7.alma.1.s390x.rpm	8492c1fde9b7ef801dd9b38d7fac824cc298f1bc334a10f468a9943e7f3d6a01
s390x	openssh-keycat-8.7p1-49.el9_7.alma.1.s390x.rpm	9026d6d10b3a582511b87040be47a773d8ff65b74cd0b56188e44846d55b4e34
s390x	openssh-8.7p1-49.el9_7.alma.1.s390x.rpm	bd16db0b6cd44ca482f896a8da180407d4f6d02b1ee4dd8d402eb48e3cce8caf
s390x	openssh-server-8.7p1-49.el9_7.alma.1.s390x.rpm	e5892152a90e5514f1b3811a814517228ed70192996b4f0743f310e8d6678c35
s390x	openssh-clients-8.7p1-49.el9_7.alma.1.s390x.rpm	e7666705bc1659f618bd9cddbd74a4adf4fff40b120a9e36434494d773ed274a
s390x	openssh-askpass-8.7p1-49.el9_7.alma.1.s390x.rpm	fdee42bf07d53c19186b721294ad88ea1737f5241b2a8314c43b25464400a00b
x86_64	openssh-8.7p1-49.el9_7.alma.1.x86_64.rpm	1e92d1e58bb190cdc2d321467dd8f5641728303fd6783fb8c2fd725110e5835c
x86_64	openssh-server-8.7p1-49.el9_7.alma.1.x86_64.rpm	2afc7371931379f3a9cfe7911e5992ddf7ed286a9f106c103ce057c254979054
x86_64	openssh-askpass-8.7p1-49.el9_7.alma.1.x86_64.rpm	4f704de3857bf18c688e7ac70ad9519a50dc5a9d6584a089538703d790efc6b4
x86_64	openssh-clients-8.7p1-49.el9_7.alma.1.x86_64.rpm	610abac0d9880178c985de8f68d0754c8cff2b51092af3c33bfb2ac2b3748e3f
x86_64	pam_ssh_agent_auth-0.10.4-5.49.el9_7.alma.1.x86_64.rpm	8136fbfcfbcaca1fd0e9fbdd23a49de0f560d210d6b70ec51cb6a4b1a832ab73
x86_64	openssh-keycat-8.7p1-49.el9_7.alma.1.x86_64.rpm	aa6d63951a6f6c6f7ca57867aafdede5dd370149b1cfbcce283a73b3dfaad2dc

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.