ELSA-2026-19219

ULN >
Oracle Linux Errata repository >
ELSA-2026-19219

ELSA-2026-19219 - openssh security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-06-12

Description

[9.9p1-7.0.2]
- Replace unsupported ML-KEM hybrid algorithm skip logic with v9.9p1-23.el10_2 ML-KEM/NIST backport [Orabug: 39423076]

[9.9p1-7.0.1]
- Upstream references found with /usr/bin/ssh [Orabug: 37814929]

[9.9p1-7 + 0.10.4-9]
- Version bump

[9.9p1-5 + 0.10.4-8]
- CVE-2026-3497: Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex
Resolves: RHEL-155825
- Fix incorrect claim about SSH_AUTH_SOCK in pam_ssh_agent_auth manual page
Resolves: RHEL-122302

[9.9p1-4]
- Provide a way to skip unsupported ML-KEM hybrid algorithms in FIPS mode
Resolves: RHEL-151580

[9.9p1-3]
- Enable support for DSA keys
Resolves: RHEL-127624
- CVE-2025-61984: Reject usernames with control characters
Resolves: RHEL-133959
- CVE-2025-61985: Reject URL-strings with NULL characters
Resolves: RHEL-133960

[9.9p1-2]
- Fix implicit destination path selection when source path ends with '..'
Resolves: RHEL-119515
- Canonicalize username when matching a user
Resolves: RHEL-118372

[9.9p1-1]
- Rebase to version 9.9
Resolves: RHEL-108912

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	openssh-9.9p1-7.0.2.el9_8.src.rpm	795595b5f09c45e84ec9da0e7504dc3f3b379404f6fcad31b3ab6cf2c8bf0794	-	ol9_aarch64_appstream
	openssh-9.9p1-7.0.2.el9_8.src.rpm	795595b5f09c45e84ec9da0e7504dc3f3b379404f6fcad31b3ab6cf2c8bf0794	-	ol9_aarch64_baseos_latest
	openssh-9.9p1-7.0.2.el9_8.src.rpm	795595b5f09c45e84ec9da0e7504dc3f3b379404f6fcad31b3ab6cf2c8bf0794	-	ol9_aarch64_u8_baseos_base
	openssh-9.9p1-7.0.2.el9_8.aarch64.rpm	80a96d5e0c180adae2e5cab25d8dcd05124471ca905810489a7fa132a24e942e	-	ol9_aarch64_baseos_latest
	openssh-9.9p1-7.0.2.el9_8.aarch64.rpm	80a96d5e0c180adae2e5cab25d8dcd05124471ca905810489a7fa132a24e942e	-	ol9_aarch64_u8_baseos_base
	openssh-askpass-9.9p1-7.0.2.el9_8.aarch64.rpm	0573dcd655158597013a4752bc5e95c7d903427e73bd6101671cded98b4a8ed9	-	ol9_aarch64_appstream
	openssh-clients-9.9p1-7.0.2.el9_8.aarch64.rpm	8b49854f27d7354cbef021458e6adc8cd98b81733e80e6b087b3e3c4b6a7fce6	-	ol9_aarch64_baseos_latest
	openssh-clients-9.9p1-7.0.2.el9_8.aarch64.rpm	8b49854f27d7354cbef021458e6adc8cd98b81733e80e6b087b3e3c4b6a7fce6	-	ol9_aarch64_u8_baseos_base
	openssh-keycat-9.9p1-7.0.2.el9_8.aarch64.rpm	d64954796df80133939cee35cfaad7e3dba219ade654895780f84731a17aa5af	-	ol9_aarch64_baseos_latest
	openssh-keycat-9.9p1-7.0.2.el9_8.aarch64.rpm	d64954796df80133939cee35cfaad7e3dba219ade654895780f84731a17aa5af	-	ol9_aarch64_u8_baseos_base
	openssh-server-9.9p1-7.0.2.el9_8.aarch64.rpm	774e9607669d371010a243b2f71becb223c64a4978e6380a62a3a749e6dd9224	-	ol9_aarch64_baseos_latest
	openssh-server-9.9p1-7.0.2.el9_8.aarch64.rpm	774e9607669d371010a243b2f71becb223c64a4978e6380a62a3a749e6dd9224	-	ol9_aarch64_u8_baseos_base
	pam_ssh_agent_auth-0.10.4-9.7.0.2.el9_8.aarch64.rpm	f9427cbcdee808b3cabe35e52d9274f8e4810fc4037d475f9a52925f5d8a1b34	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	openssh-9.9p1-7.0.2.el9_8.src.rpm	795595b5f09c45e84ec9da0e7504dc3f3b379404f6fcad31b3ab6cf2c8bf0794	-	ol9_x86_64_appstream
	openssh-9.9p1-7.0.2.el9_8.src.rpm	795595b5f09c45e84ec9da0e7504dc3f3b379404f6fcad31b3ab6cf2c8bf0794	-	ol9_x86_64_baseos_latest
	openssh-9.9p1-7.0.2.el9_8.src.rpm	795595b5f09c45e84ec9da0e7504dc3f3b379404f6fcad31b3ab6cf2c8bf0794	-	ol9_x86_64_u8_baseos_base
	openssh-9.9p1-7.0.2.el9_8.x86_64.rpm	889aaaf75df472d02fd5588b7ecc604f85ed82c10372ff3df5b6c3f6fafa9b47	-	ol9_x86_64_baseos_latest
	openssh-9.9p1-7.0.2.el9_8.x86_64.rpm	889aaaf75df472d02fd5588b7ecc604f85ed82c10372ff3df5b6c3f6fafa9b47	-	ol9_x86_64_u8_baseos_base
	openssh-askpass-9.9p1-7.0.2.el9_8.x86_64.rpm	dfee0201fa43b4f2283583c553ac67e371d98c148e125ad1a990323f3bac8400	-	ol9_x86_64_appstream
	openssh-clients-9.9p1-7.0.2.el9_8.x86_64.rpm	bf66ac595b67f1bb1b95732958604910b2a14f18f543feb826396e6b08f1ca2b	-	ol9_x86_64_baseos_latest
	openssh-clients-9.9p1-7.0.2.el9_8.x86_64.rpm	bf66ac595b67f1bb1b95732958604910b2a14f18f543feb826396e6b08f1ca2b	-	ol9_x86_64_u8_baseos_base
	openssh-keycat-9.9p1-7.0.2.el9_8.x86_64.rpm	f7c305f9bc52959e2b7577a39cdedbb5525db0a1f8d5b092442a0e991a01dd57	-	ol9_x86_64_baseos_latest
	openssh-keycat-9.9p1-7.0.2.el9_8.x86_64.rpm	f7c305f9bc52959e2b7577a39cdedbb5525db0a1f8d5b092442a0e991a01dd57	-	ol9_x86_64_u8_baseos_base
	openssh-server-9.9p1-7.0.2.el9_8.x86_64.rpm	88c472c13856077535a7b9c2137e785818488ac2945f5ccd8584c1119fad11cb	-	ol9_x86_64_baseos_latest
	openssh-server-9.9p1-7.0.2.el9_8.x86_64.rpm	88c472c13856077535a7b9c2137e785818488ac2945f5ccd8584c1119fad11cb	-	ol9_x86_64_u8_baseos_base
	pam_ssh_agent_auth-0.10.4-9.7.0.2.el9_8.x86_64.rpm	e56b4707735dd763784b5d607c855be684ad6804553c2332c61d879e8b16a2b1	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691