Red Hat Product Errata
RHSA-2026:19069 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: openssh security update

Type/Severity
Security Advisory: Important

Topic
An update for openssh is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):
* OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
* OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
* OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
* OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
* OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
* Red Hat Enterprise Linux for x86_64 10 x86_64
* Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
* Red Hat Enterprise Linux for IBM z Systems 10 s390x
* Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
* Red Hat Enterprise Linux for Power, little endian 10 ppc64le
* Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
* Red Hat Enterprise Linux for ARM 64 10 aarch64
* Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
* Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
* Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
* Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
* Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
* Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
* Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
* Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
* Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
* BZ - 2454469 - CVE-2026-35385 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode
* BZ - 2454490 - CVE-2026-35414 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option
* BZ - 2454494 - CVE-2026-35387 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage
* BZ - 2454500 - CVE-2026-35388 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions
* BZ - 2454506 - CVE-2026-35386 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

CVEs
* CVE-2026-35385
* CVE-2026-35386
* CVE-2026-35387
* CVE-2026-35388
* CVE-2026-35414

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 10
SRPM: openssh-9.9p1-23.el10_2.src.rpm

This Red Hat security advisory addresses multiple vulnerabilities in OpenSSH, including a high-severity privilege escalation via the SCP legacy protocol (CVE-2026-35385, CVSS 7.5) and a security bypass via mishandling of the authorized_keys principals option (CVE-2026-35414, CVSS 4.2). The vulnerabilities affect OpenSSH versions prior to 10.3, requiring an update to OpenSSH version 10.3 or later to remediate.