openssh-9.9p1-7.el9.ML.1
エラータID: AXSA:2026-1095:06
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
* OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
* OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
* OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
* OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-35385
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
CVE-2026-35387
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
CVE-2026-35388
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
CVE-2026-35414
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
Update packages.
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
N/A
SRPMS
- openssh-9.9p1-7.el9.ML.1.src.rpm
MD5: 210d8c0edb74cd79dab3daa25e6decbc
SHA-256: 1b1ddcec112053a41d1ddd3856192bbd472f633724ea3aba9a2b763c92e934ed
Size: 2.43 MB
Asianux Server 9 for x86_64
- openssh-9.9p1-7.el9.ML.1.x86_64.rpm
MD5: cc1a52a1d34e89b231e2bf3889650f6b
SHA-256: 6bb5fab0cb0ecc9c1f0abf04fbce8739edacb13d8a92a1bb87a94bb8a35d1c85
Size: 427.35 kB - openssh-askpass-9.9p1-7.el9.ML.1.x86_64.rpm
MD5: 5964c50f6abbe4c9e6459e3c21b82cdb
SHA-256: b5d55279a34bb1057f5b9d656fc990e1d00644b13065aaf24a5faf770da93036
Size: 17.43 kB - openssh-clients-9.9p1-7.el9.ML.1.x86_64.rpm
MD5: e9d6133640dbf1edd95d50e514b3bfbc
SHA-256: 1512d0ce0551d525f7fbdcaccda5fb2f379b9f67483ee253a1ce5e1c69708cfb
Size: 772.88 kB - openssh-keycat-9.9p1-7.el9.ML.1.x86_64.rpm
MD5: 7858490cafd08b8084f93a6aba6094d7
SHA-256: 7fb862fc87fc4878e5030d93c2b4d7c9da039c6af5a319f6c03cd1f08165bddc
Size: 18.86 kB - openssh-server-9.9p1-7.el9.ML.1.x86_64.rpm
MD5: 983bb9b0ed71245dcca8e59a0bd7896b
SHA-256: 85339baaddb3cf327e16566f10ceade929e9ea5aecb05ff18b2567cde0df1173
Size: 548.02 kB - pam_ssh_agent_auth-0.10.4-7.7.el9.ML.1.x86_64.rpm
MD5: 374ec95b20b78e7a45b6feda1cb284e9
SHA-256: 46bb5afec826cde3688d808a406e7d7c75a1bbdf3d4a01705fcbe0952cee4e30
Size: 103.54 kB