ELSA-2026-50325

ULN >
Oracle Linux Errata repository >
ELSA-2026-50325

ELSA-2026-50325 - openssh security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-06-18

Description

[7.4p1-23.0.5_fips]
- Fix privilege escalation via scp legacy protocol when not in preserving
file mode [CVE-2026-35385][Orabug: 39480251]

[7.4p1-23.0.3_fips]
- Change Epoch from 1 to 10
- Enable fips KDF POST [Orabug: 32461750]
- Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739]

Related CVEs

CVE-2026-35385

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	openssh-7.4p1-23.0.5.el7_9_fips.src.rpm	0a6823820a3716b065bec56fd2d8ae568491bad353cb0f0c49c7365529a7483d	-	ol7_aarch64_u8_security_validation
	openssh-7.4p1-23.0.5.el7_9_fips.aarch64.rpm	dee721a8f707b46c6c1eaf385f66d651fadbb838e38ccc40d0484248a64cb886	-	ol7_aarch64_u8_security_validation
	openssh-askpass-7.4p1-23.0.5.el7_9_fips.aarch64.rpm	a8555b59688da718ad0e4d9dc0b1cee68fb392325217cab903a75a6b36d7fc05	-	ol7_aarch64_u8_security_validation
	openssh-cavs-7.4p1-23.0.5.el7_9_fips.aarch64.rpm	fdae4031bf758d85d9a8c845e372cbcf52a878fba808848108dfd4c62539badd	-	ol7_aarch64_u8_security_validation
	openssh-clients-7.4p1-23.0.5.el7_9_fips.aarch64.rpm	0b208dd4feafa6baea8bca15734e43f091f75b56abd9f8902482588be82e81a9	-	ol7_aarch64_u8_security_validation
	openssh-keycat-7.4p1-23.0.5.el7_9_fips.aarch64.rpm	50ca41b8e41c90c3b0117cc5efc605d00c76378571d8de5bd970da581d9aaa39	-	ol7_aarch64_u8_security_validation
	openssh-ldap-7.4p1-23.0.5.el7_9_fips.aarch64.rpm	bd41967d7dcc420fd73aa07050b05f675f5182777684966bed05f7101215d231	-	ol7_aarch64_u8_security_validation
	openssh-server-7.4p1-23.0.5.el7_9_fips.aarch64.rpm	4be2be589081fa8f2b651485c5c7f0d99e8768a36644d926abde364e9cb5a0b1	-	ol7_aarch64_u8_security_validation
	openssh-server-sysvinit-7.4p1-23.0.5.el7_9_fips.aarch64.rpm	58330b13a66901dd9c3ea2e8df6339bddcc6d72b254a30ac5245d42ec9ee10b5	-	ol7_aarch64_u8_security_validation
	pam_ssh_agent_auth-0.10.3-2.23.0.5.el7_9_fips.aarch64.rpm	aec0527e8c479407c84606ce804486035c6518680f83b0c6ab1ac4682abeb53c	-	ol7_aarch64_u8_security_validation

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691