ELSA-2026-13381

ULN >
Oracle Linux Errata repository >
ELSA-2026-13381

ELSA-2026-13381 - openssh security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-05-05

Description

[8.7p1-49.0.1]
- Upstream references found with /usr/bin/ssh [Orabug: 37814929]
- upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand [Orabug: 37647064]
- Update upstream references [Orabug: 36564626]

[8.7p1-49]
- CVE-2026-35385: Fix privilege escalation via scp legacy protocol
when not in preserving file mode
Resolves: RHEL-164752
- CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode
multiplexing sessions
Resolves: RHEL-166249
- CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms with regard to ECDSA keys
Resolves: RHEL-166233
- CVE-2026-35414: Fix mishandling of authorized_keys principals option
Resolves: RHEL-166201
- CVE-2026-35386: Add validation rules to usernames and hostnames
set for ProxyJump/-J on the commandline
Resolves: RHEL-166217

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	openssh-8.7p1-49.0.1.el9_7.src.rpm	41b5f5c8914e862f1649f87a80448fc7b2dbf16120899a7dbc4f6b4d460c6b66	-	ol9_aarch64_appstream
	openssh-8.7p1-49.0.1.el9_7.src.rpm	41b5f5c8914e862f1649f87a80448fc7b2dbf16120899a7dbc4f6b4d460c6b66	-	ol9_aarch64_baseos_latest
	openssh-8.7p1-49.0.1.el9_7.src.rpm	41b5f5c8914e862f1649f87a80448fc7b2dbf16120899a7dbc4f6b4d460c6b66	-	ol9_aarch64_u7_baseos_patch
	openssh-8.7p1-49.0.1.el9_7.aarch64.rpm	160d3105cdabec2c342438e8baef1dbbda805f53a264514bc824428703fd7ccc	-	ol9_aarch64_baseos_latest
	openssh-8.7p1-49.0.1.el9_7.aarch64.rpm	160d3105cdabec2c342438e8baef1dbbda805f53a264514bc824428703fd7ccc	-	ol9_aarch64_u7_baseos_patch
	openssh-askpass-8.7p1-49.0.1.el9_7.aarch64.rpm	ec244115383744aee7b8b9eaf30a21a07e9374a040d1db997a1536af2e3412d4	-	ol9_aarch64_appstream
	openssh-clients-8.7p1-49.0.1.el9_7.aarch64.rpm	9d02dc30cdc30b895c3fd95b96a7b2f62aa2ef88019ba3e78bacc87c088e00b7	-	ol9_aarch64_baseos_latest
	openssh-clients-8.7p1-49.0.1.el9_7.aarch64.rpm	9d02dc30cdc30b895c3fd95b96a7b2f62aa2ef88019ba3e78bacc87c088e00b7	-	ol9_aarch64_u7_baseos_patch
	openssh-keycat-8.7p1-49.0.1.el9_7.aarch64.rpm	9afbefffc5b001813d00bce23d24f1f578bd4b72508932512cbf5bbcfc3984db	-	ol9_aarch64_baseos_latest
	openssh-keycat-8.7p1-49.0.1.el9_7.aarch64.rpm	9afbefffc5b001813d00bce23d24f1f578bd4b72508932512cbf5bbcfc3984db	-	ol9_aarch64_u7_baseos_patch
	openssh-server-8.7p1-49.0.1.el9_7.aarch64.rpm	05f27f7e65af037dcd0706545decb7ae82c7181c88386e9a5ed8b8e1f7a7b778	-	ol9_aarch64_baseos_latest
	openssh-server-8.7p1-49.0.1.el9_7.aarch64.rpm	05f27f7e65af037dcd0706545decb7ae82c7181c88386e9a5ed8b8e1f7a7b778	-	ol9_aarch64_u7_baseos_patch
	pam_ssh_agent_auth-0.10.4-5.49.0.1.el9_7.aarch64.rpm	ea4d13240625d36af010a937bfe4c79ac8aeb514866d552515cf0238d61edb37	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	openssh-8.7p1-49.0.1.el9_7.src.rpm	41b5f5c8914e862f1649f87a80448fc7b2dbf16120899a7dbc4f6b4d460c6b66	-	ol9_x86_64_appstream
	openssh-8.7p1-49.0.1.el9_7.src.rpm	41b5f5c8914e862f1649f87a80448fc7b2dbf16120899a7dbc4f6b4d460c6b66	-	ol9_x86_64_baseos_latest
	openssh-8.7p1-49.0.1.el9_7.src.rpm	41b5f5c8914e862f1649f87a80448fc7b2dbf16120899a7dbc4f6b4d460c6b66	-	ol9_x86_64_u7_baseos_patch
	openssh-8.7p1-49.0.1.el9_7.x86_64.rpm	253b16ccd25dd9213959143ceb93b16fd2be0aefced6890284949a0da33f23e8	-	ol9_x86_64_baseos_latest
	openssh-8.7p1-49.0.1.el9_7.x86_64.rpm	253b16ccd25dd9213959143ceb93b16fd2be0aefced6890284949a0da33f23e8	-	ol9_x86_64_u7_baseos_patch
	openssh-askpass-8.7p1-49.0.1.el9_7.x86_64.rpm	4a03530f368689c6900d3ca900a3ee9654f93efc7e8669962ec749c36dfdf319	-	ol9_x86_64_appstream
	openssh-clients-8.7p1-49.0.1.el9_7.x86_64.rpm	f5ac990973ef93aedfbac42103dba4bbd7a0cbc61fb48fc9ffebf6d32b78afce	-	ol9_x86_64_baseos_latest
	openssh-clients-8.7p1-49.0.1.el9_7.x86_64.rpm	f5ac990973ef93aedfbac42103dba4bbd7a0cbc61fb48fc9ffebf6d32b78afce	-	ol9_x86_64_u7_baseos_patch
	openssh-keycat-8.7p1-49.0.1.el9_7.x86_64.rpm	34f82fa2e8e223c4261375ba16175c592e5b9cd9e4015eb157dacfaade9ebcb7	-	ol9_x86_64_baseos_latest
	openssh-keycat-8.7p1-49.0.1.el9_7.x86_64.rpm	34f82fa2e8e223c4261375ba16175c592e5b9cd9e4015eb157dacfaade9ebcb7	-	ol9_x86_64_u7_baseos_patch
	openssh-server-8.7p1-49.0.1.el9_7.x86_64.rpm	22a3306193ac61bb8e83ebb8b2f9b3bf6935cfe6e005b331f0e110ef4fc86a4a	-	ol9_x86_64_baseos_latest
	openssh-server-8.7p1-49.0.1.el9_7.x86_64.rpm	22a3306193ac61bb8e83ebb8b2f9b3bf6935cfe6e005b331f0e110ef4fc86a4a	-	ol9_x86_64_u7_baseos_patch
	pam_ssh_agent_auth-0.10.4-5.49.0.1.el9_7.x86_64.rpm	19267e0bb4212b10dcf5cade91d003446ee9bce1cbcc03697c6d8e4f919bcb10	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691