Package "ssh"
Name: ssh
Description: secure shell client and server (metapackage)
Latest version: 1:9.6p1-3ubuntu13.16
Release: noble (24.04)
Level: updates
Repository: main
Head package: openssh
Homepage: https://www.openssh.com/
Changelog
openssh (1:9.6p1-3ubuntu13.16) noble-security; urgency=medium

  * SECURITY UPDATE: unexpected scp setuid and setgid
    - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from
      downloaded files in scp.c.
    - CVE-2026-35385
  * SECURITY UPDATE: command execution via shell metacharacters in username
    - debian/patches/CVE-2026-35386-pre1.patch: apply validity rules on
      ProxyJump usernames and hostnames in readconf.c, readconf.h, ssh.c.
    - debian/patches/CVE-2026-35386.patch: move username check earlier in
      ssh.c.
    - CVE-2026-35386
  * SECURITY UPDATE: use of unintended ECDSA algorithms
    - debian/patches/CVE-2026-35387_35414.patch: correctly match ECDSA
      signature algorithms against algorithm allowlists in
      auth2-hostbased.c, auth2-pubkey.c, sshconnect2.c.
    - CVE-2026-35387
  * SECURITY UPDATE: missing connection multiplexing confirmation
    - debian/patches/CVE-2026-35388.patch: add missing askpass check in
      mux.c.
    - CVE-2026-35388
  * SECURITY UPDATE: authorized_keys principals option mishandling
    - debian/patches/CVE-2026-35387_35414.patch: check for commas in
      auth2-pubkeyfile.c.
    - CVE-2026-35414

 -- Marc Deslauriers <email address hidden> Mon, 27 Apr 2026 20:29:48 -0400
CVE-2026-35385: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download
CVE-2026-35386: In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the
CVE-2026-35387: OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is
CVE-2026-35388: OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
CVE-2026-35414: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific

openssh (1:9.6p1-3ubuntu13.15) noble-security; urgency=medium

  * SECURITY UPDATE: GSSAPI Key Exchange issue
    - debian/patches/gssapi.patch: replace incorrect use of
      sshpkt_disconnect() with ssh_packet_disconnect() and properly
      initialize some vars.
    - CVE-2026-3497
  * SECURITY UPDATE: Untrusted control characters in usernames
    - debian/patches/CVE-2025-61984.patch: refuse usernames that include
      control characters in ssh.c.
    - CVE-2025-61984
  * SECURITY UPDATE: Code execution in ProxyCommand via NULL character
    - debian/patches/CVE-2025-61985.patch: don't allow \0 characters in
      url-encoded strings in misc.c.
    - CVE-2025-61985

 -- Marc Deslauriers <email address hidden> Wed, 04 Mar 2026 12:55:04 -0500
CVE-2026-3497: Vulnerability in the OpenSSH GSSAPI delta included in various Linux di ...
CVE-2025-61984: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code
CVE-2025-61985: ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

openssh (1:9.6p1-3ubuntu13.14) noble; urgency=medium

  * d/p/systemd-socket-activation.patch: allow AF_VSOCK sockets (LP: #2111226)

 -- Nick Rosbrook <email address hidden> Tue, 26 Aug 2025 09:49:17 -0400
LP #2111226: sshd socket activation does not support AF_VSOCK

openssh (1:9.6p1-3ubuntu13.13) noble; urgency=medium

  * Explicitly listen on IPv4 by default, with socket-activated sshd
    (LP: #2080216)
    - d/systemd/ssh.socket: explicitly listen on ipv4 by default
    - d/t/sshd-socket-generator: update for new defaults and AddressFamily
    - sshd-socket-generator: handle new ssh.socket default settings

 -- Nick Rosbrook <email address hidden> Mon, 09 Jun 2025 13:22:39 -0400
LP #2080216: sshd cannot bind to IPv4 interfaces

openssh (1:9.6p1-3ubuntu13.12) noble; urgency=medium

  * d/p/sshd-socket-generator.patch: add note to sshd_config
    Explain that a systemctl daemon-reload is needed for changes
    to Port et al to take effect.
    (LP: #2069041)

 -- Nick Rosbrook <email address hidden> Tue, 29 Apr 2025 10:57:04 -0400
LP #2069041: Changing Port in sshd_config requires calling systemctl daemon-reload