Stay Connected:

ELSA-2026-13380

ELSA-2026-13380 - openssh security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-05-05

Description


[9.9p1-14.0.1]
- Upstream references found with /usr/bin/ssh [Orabug: 37824421]

[9.9p1-14]
- CVE-2026-35385: Fix privilege escalation via scp legacy protocol
when not in preserving file mode
Resolves: RHEL-164738
- CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode
multiplexing sessions
Resolves: RHEL-166237
- CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms with regard to ECDSA keys
Resolves: RHEL-166221
- CVE-2026-35414: Fix mishandling of authorized_keys principals option
Resolves: RHEL-166189
- CVE-2026-35386: Add validation rules to usernames and hostnames
set for ProxyJump/-J on the commandline
Resolves: RHEL-166205


Related CVEs


CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388
CVE-2026-35414

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) openssh-9.9p1-14.0.1.el10_1.src.rpm905e51083452742f08d9c3b746bb0e507fc62754606efe7cd43166cf7e042583-ol10_aarch64_appstream
openssh-9.9p1-14.0.1.el10_1.src.rpm905e51083452742f08d9c3b746bb0e507fc62754606efe7cd43166cf7e042583-ol10_aarch64_baseos_latest
openssh-9.9p1-14.0.1.el10_1.src.rpm905e51083452742f08d9c3b746bb0e507fc62754606efe7cd43166cf7e042583-ol10_aarch64_u1_baseos_patch
openssh-9.9p1-14.0.1.el10_1.aarch64.rpme4e9f53f3bfa309d63b3760ea3ae62d6395ce3a4fcdf5c6e764e058a07b80272-ol10_aarch64_baseos_latest
openssh-9.9p1-14.0.1.el10_1.aarch64.rpme4e9f53f3bfa309d63b3760ea3ae62d6395ce3a4fcdf5c6e764e058a07b80272-ol10_aarch64_u1_baseos_patch
openssh-askpass-9.9p1-14.0.1.el10_1.aarch64.rpm0a54df5de884a7a0c4c515ba87352d6813565caee1217d7e5864c9059236d7cd-ol10_aarch64_appstream
openssh-clients-9.9p1-14.0.1.el10_1.aarch64.rpme28d77062a8fd88fbdbc4e926093c5e78e1cce82edbfbd0976065767f1b71551-ol10_aarch64_baseos_latest
openssh-clients-9.9p1-14.0.1.el10_1.aarch64.rpme28d77062a8fd88fbdbc4e926093c5e78e1cce82edbfbd0976065767f1b71551-ol10_aarch64_u1_baseos_patch
openssh-keycat-9.9p1-14.0.1.el10_1.aarch64.rpmbb0b58500c33c5a9d703fc9d926d5790386da0f2349788c17bf14bd247acab43-ol10_aarch64_baseos_latest
openssh-keycat-9.9p1-14.0.1.el10_1.aarch64.rpmbb0b58500c33c5a9d703fc9d926d5790386da0f2349788c17bf14bd247acab43-ol10_aarch64_u1_baseos_patch
openssh-keysign-9.9p1-14.0.1.el10_1.aarch64.rpm40766aecae126c4f3bde71908e27986e9e91d26f64bb6dad45e3fe2eb7ef6ed9-ol10_aarch64_appstream
openssh-server-9.9p1-14.0.1.el10_1.aarch64.rpm720e823cd52ca6d08d17b00965a88692f5aa3b726fea3da26101aa3c5ab64b7a-ol10_aarch64_baseos_latest
openssh-server-9.9p1-14.0.1.el10_1.aarch64.rpm720e823cd52ca6d08d17b00965a88692f5aa3b726fea3da26101aa3c5ab64b7a-ol10_aarch64_u1_baseos_patch
Oracle Linux 10 (x86_64) openssh-9.9p1-14.0.1.el10_1.src.rpm905e51083452742f08d9c3b746bb0e507fc62754606efe7cd43166cf7e042583-ol10_x86_64_appstream
openssh-9.9p1-14.0.1.el10_1.src.rpm905e51083452742f08d9c3b746bb0e507fc62754606efe7cd43166cf7e042583-ol10_x86_64_baseos_latest
openssh-9.9p1-14.0.1.el10_1.src.rpm905e51083452742f08d9c3b746bb0e507fc62754606efe7cd43166cf7e042583-ol10_x86_64_u1_baseos_patch
openssh-9.9p1-14.0.1.el10_1.x86_64.rpm77df4ced36a00564612642f57fab056f4f759fa37e1f89a75354ed19e798fe5c-ol10_x86_64_baseos_latest
openssh-9.9p1-14.0.1.el10_1.x86_64.rpm77df4ced36a00564612642f57fab056f4f759fa37e1f89a75354ed19e798fe5c-ol10_x86_64_u1_baseos_patch
openssh-askpass-9.9p1-14.0.1.el10_1.x86_64.rpm2582a5882bef980307029000db455022f3b7a0d6a8652f7074ded8252ad87275-ol10_x86_64_appstream
openssh-clients-9.9p1-14.0.1.el10_1.x86_64.rpm23193c1b515c83357b8dd1de118ef1baa793f1cdf8e063908252e4537b10a78a-ol10_x86_64_baseos_latest
openssh-clients-9.9p1-14.0.1.el10_1.x86_64.rpm23193c1b515c83357b8dd1de118ef1baa793f1cdf8e063908252e4537b10a78a-ol10_x86_64_u1_baseos_patch
openssh-keycat-9.9p1-14.0.1.el10_1.x86_64.rpma24a71dfdf588cbd77d599e00872c33e36247627baafddac6b91cf36239f7726-ol10_x86_64_baseos_latest
openssh-keycat-9.9p1-14.0.1.el10_1.x86_64.rpma24a71dfdf588cbd77d599e00872c33e36247627baafddac6b91cf36239f7726-ol10_x86_64_u1_baseos_patch
openssh-keysign-9.9p1-14.0.1.el10_1.x86_64.rpm91fc2d083846b6a6ea02da588df349e943188336cb2515bc40f8e9e93c1543ae-ol10_x86_64_appstream
openssh-server-9.9p1-14.0.1.el10_1.x86_64.rpmf132a2be605718b8fa420c8f27abbc2d11041cac02b0fed898c05baa3a04bd3d-ol10_x86_64_baseos_latest
openssh-server-9.9p1-14.0.1.el10_1.x86_64.rpmf132a2be605718b8fa420c8f27abbc2d11041cac02b0fed898c05baa3a04bd3d-ol10_x86_64_u1_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights