ALSA-2026:19219

[ALSA-2026:19219] Important: openssh security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.  

Security Fix(es):  

  * OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
  * OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
  * OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
  * OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
  * OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	openssh-9.9p1-7.el9_8.alma.1.aarch64.rpm	1e84def2fa9369174ca06c5c328be10c23e16b3c731519aa53addfac8e0a087d
aarch64	openssh-askpass-9.9p1-7.el9_8.alma.1.aarch64.rpm	2d51737a3f7b70853fa26d3d1491a6de4749f79c88d3ee1b736c47654de611d2
aarch64	openssh-keycat-9.9p1-7.el9_8.alma.1.aarch64.rpm	5b2660790364a0bccd2b4b5c2e8b601b88dbb5032ec83992d95293e41463114c
aarch64	openssh-server-9.9p1-7.el9_8.alma.1.aarch64.rpm	8e7cc811535ce672fe243791e468723eb35cf11865eba759f2a87f3878198f90
aarch64	pam_ssh_agent_auth-0.10.4-7.7.el9_8.alma.1.aarch64.rpm	b157d0addf5315c64e7cebef40f119a2e450bdbc0a6b0a2e1fa3c1f54b82fa68
aarch64	openssh-clients-9.9p1-7.el9_8.alma.1.aarch64.rpm	f5ec3800893a4cbd8b05296177cb6016e5e6762877d1605bf65f9f2d8ef5709b
ppc64le	openssh-clients-9.9p1-7.el9_8.alma.1.ppc64le.rpm	1e403b67d36b82e124e620af95494fe40c4f4b0d37e5cb8eb719c33a7be0327d
ppc64le	pam_ssh_agent_auth-0.10.4-7.7.el9_8.alma.1.ppc64le.rpm	1f012ff612e45a889e233b62728fa853d530d5d0a017393d1bc6171a68e92f84
ppc64le	openssh-9.9p1-7.el9_8.alma.1.ppc64le.rpm	819eb419f8b24925f1bdd8427e7fc6d58aa409cef8b3f6b0394747920ba1598f
ppc64le	openssh-keycat-9.9p1-7.el9_8.alma.1.ppc64le.rpm	9eda9d6f14250907ff60b0d60262620084b6366ede7b91d55dd2968db317f8ae
ppc64le	openssh-askpass-9.9p1-7.el9_8.alma.1.ppc64le.rpm	b28c921531e85fb6a1ede2e2729d29e140d2221c3e51785f0d483f375fb27cc5
ppc64le	openssh-server-9.9p1-7.el9_8.alma.1.ppc64le.rpm	d1b8d02fdcaf6785013d65a377db297c6606ac54a7b88ac6b29743b189008101
s390x	openssh-keycat-9.9p1-7.el9_8.alma.1.s390x.rpm	0797f5faf65499307ed18e28a347fc68af7d2eee6bd13c2a7d6302bf397dc68b
s390x	openssh-9.9p1-7.el9_8.alma.1.s390x.rpm	4713328d20c4fe82ab35249f7b17a2f29f478a11cdcb09e336850979a6b6a8bc
s390x	openssh-server-9.9p1-7.el9_8.alma.1.s390x.rpm	55204546c7d846c2820cd92d7839b0051766d6eb334c58d3e2b484915bd53186
s390x	pam_ssh_agent_auth-0.10.4-7.7.el9_8.alma.1.s390x.rpm	6629070e1df45b128ccefe108b7dd48a64242981628e35087051db3c73f134ac
s390x	openssh-askpass-9.9p1-7.el9_8.alma.1.s390x.rpm	cc775fad09c751c422408f75171181c2f6d572efd70f277ade44800cdf59bac7
s390x	openssh-clients-9.9p1-7.el9_8.alma.1.s390x.rpm	f27ac72bc18efbde5eb5075ce8d8ab24f1ec158b155fb41f21093a36a5896b38
x86_64	openssh-keycat-9.9p1-7.el9_8.alma.1.x86_64.rpm	2209490cd1c6521f903c53708003c2289722f78f261db9f53e4967256692df5e
x86_64	openssh-9.9p1-7.el9_8.alma.1.x86_64.rpm	2f7aa09e8a7d02758d9f51f6f5ca459a7116f113a0a9cf84afe0257aa39134cd
x86_64	openssh-server-9.9p1-7.el9_8.alma.1.x86_64.rpm	5ccb61ade9692194135ddd59c7b4c998cf543231269a49f55e8be7148c2f5869
x86_64	pam_ssh_agent_auth-0.10.4-7.7.el9_8.alma.1.x86_64.rpm	6b04b1f944301fb84d76fd0d80f9c6d36ef2a52e8496cd587bc9ecd46c89fd77
x86_64	openssh-askpass-9.9p1-7.el9_8.alma.1.x86_64.rpm	cb6a33522c24dc992bb47ec93c6688abdf942bbd3a3b017ce221fc74b9256add
x86_64	openssh-clients-9.9p1-7.el9_8.alma.1.x86_64.rpm	e0bac831003b2a73431e0164500a6574c3fb0db7c608134323d7ac333132d4fa

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.