[Apollo] Advisories Statistics light light Login

RLSA-2026:13383

Security Mirrored from RHSA-2026:13383
Issued at: 2026-05-06
Updated at: 2026-05-06

Synopsis

Important: openssh security update



Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)

* OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)

* OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)

* OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)

* OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2454469 2454490 2454494 2454500 2454506

CVEs

CVE-2026-35385 CVE-2026-35386 CVE-2026-35387 CVE-2026-35388 CVE-2026-35414

Affected packages

Rocky Linux 8 aarch64 - BaseOS

openssh-0:8.0p1-29.el8_10.aarch64.rpm openssh-0:8.0p1-29.el8_10.src.rpm openssh-cavs-0:8.0p1-29.el8_10.aarch64.rpm openssh-cavs-debuginfo-0:8.0p1-29.el8_10.aarch64.rpm openssh-clients-0:8.0p1-29.el8_10.aarch64.rpm openssh-clients-debuginfo-0:8.0p1-29.el8_10.aarch64.rpm openssh-debuginfo-0:8.0p1-29.el8_10.aarch64.rpm openssh-debugsource-0:8.0p1-29.el8_10.aarch64.rpm openssh-keycat-0:8.0p1-29.el8_10.aarch64.rpm openssh-keycat-debuginfo-0:8.0p1-29.el8_10.aarch64.rpm openssh-ldap-0:8.0p1-29.el8_10.aarch64.rpm openssh-ldap-debuginfo-0:8.0p1-29.el8_10.aarch64.rpm openssh-server-0:8.0p1-29.el8_10.aarch64.rpm openssh-server-debuginfo-0:8.0p1-29.el8_10.aarch64.rpm pam_ssh_agent_auth-0:0.10.3-7.29.el8_10.aarch64.rpm pam_ssh_agent_auth-debuginfo-0:0.10.3-7.29.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - BaseOS

openssh-0:8.0p1-29.el8_10.src.rpm openssh-0:8.0p1-29.el8_10.x86_64.rpm openssh-cavs-0:8.0p1-29.el8_10.x86_64.rpm openssh-cavs-debuginfo-0:8.0p1-29.el8_10.x86_64.rpm openssh-clients-0:8.0p1-29.el8_10.x86_64.rpm openssh-clients-debuginfo-0:8.0p1-29.el8_10.x86_64.rpm openssh-debuginfo-0:8.0p1-29.el8_10.x86_64.rpm openssh-debugsource-0:8.0p1-29.el8_10.x86_64.rpm openssh-keycat-0:8.0p1-29.el8_10.x86_64.rpm openssh-keycat-debuginfo-0:8.0p1-29.el8_10.x86_64.rpm openssh-ldap-0:8.0p1-29.el8_10.x86_64.rpm openssh-ldap-debuginfo-0:8.0p1-29.el8_10.x86_64.rpm openssh-server-0:8.0p1-29.el8_10.x86_64.rpm openssh-server-debuginfo-0:8.0p1-29.el8_10.x86_64.rpm pam_ssh_agent_auth-0:0.10.3-7.29.el8_10.x86_64.rpm pam_ssh_agent_auth-debuginfo-0:0.10.3-7.29.el8_10.x86_64.rpm

Rocky Linux 8 aarch64 - AppStream

openssh-askpass-0:8.0p1-29.el8_10.aarch64.rpm openssh-askpass-debuginfo-0:8.0p1-29.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

openssh-askpass-0:8.0p1-29.el8_10.x86_64.rpm openssh-askpass-debuginfo-0:8.0p1-29.el8_10.x86_64.rpm