Bugs fixes in "openssh"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-35414 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific | 2026-04-29 |
| CVE | CVE-2026-35388 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | 2026-04-29 |
| CVE | CVE-2026-35387 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is | 2026-04-29 |
| CVE | CVE-2026-35386 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the | 2026-04-29 |
| CVE | CVE-2026-35385 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download | 2026-04-29 |
| CVE | CVE-2026-35414 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific | 2026-04-29 |
| CVE | CVE-2026-35388 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | 2026-04-29 |
| CVE | CVE-2026-35387 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is | 2026-04-29 |
| CVE | CVE-2026-35386 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the | 2026-04-29 |
| CVE | CVE-2026-35385 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download | 2026-04-29 |
| CVE | CVE-2026-35414 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific | 2026-04-29 |
| CVE | CVE-2026-35388 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | 2026-04-29 |
| CVE | CVE-2026-35387 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is | 2026-04-29 |
| CVE | CVE-2026-35386 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the | 2026-04-29 |
| CVE | CVE-2026-35385 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download | 2026-04-29 |
| CVE | CVE-2026-35414 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific | 2026-04-29 |
| CVE | CVE-2026-35388 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | 2026-04-29 |
| CVE | CVE-2026-35387 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is | 2026-04-29 |
| CVE | CVE-2026-35386 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the | 2026-04-29 |
| CVE | CVE-2026-35385 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download | 2026-04-29 |
About
-
Send Feedback to @ubuntu_updates
