Package "openssh-client"
| Name: |
openssh-client
|
Description: |
secure shell (SSH) client, for secure access to remote machines
|
| Latest version: |
1:10.2p1-2ubuntu3.4 |
| Release: |
resolute (26.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
openssh |
| Homepage: |
https://www.openssh.com/ |
Links
Download "openssh-client"
Other versions of "openssh-client" in Resolute
Changelog
|
openssh (1:10.2p1-2ubuntu3.4) resolute-security; urgency=medium
* SECURITY UPDATE: sftp downloaded files location issue
- debian/patches/CVE-2026-59995.patch: upstream: avoid download to server-
controlled path when performing in sftp.c.
- CVE-2026-59995
* SECURITY UPDATE: scp parent directory issue
- debian/patches/CVE-2026-59996.patch: upstream: resist that return ".." via
remote glob during in scp.c.
- CVE-2026-59996
* SECURITY UPDATE: internal-sftp ignores more than 9 commandline args
- debian/patches/CVE-2026-59997.patch: upstream: pass >9 commandline
arguments to the internal-sftp server, in session.c.
- CVE-2026-59997
* SECURITY UPDATE: undocumented GSSAPIStrictAcceptorCheck behaviour
- debian/patches/CVE-2026-59998.patch: upstream: mention a caveat regarding
GSSAPIStrictAcceptorCheck in in sshd_config.5.
- CVE-2026-59998
* SECURITY UPDATE: DisableForwarding=yes not taking proper precedence
- debian/patches/CVE-2026-59999.patch: upstream: DisableForwarding=yes
didn't override PermitTunnel=yes in serverloop.c.
- CVE-2026-59999
* SECURITY UPDATE: DoS via MaxAuthTries mishandling
- debian/patches/CVE-2026-60000-1.patch: upstream: Fix multiple RFC 4462
(GSSAPIAuthentication) compliance in auth2-gss.c.
- debian/patches/CVE-2026-60000-2.patch: upstream: unused variables in
auth2-gss.c.
- CVE-2026-60000
* SECURITY UPDATE: minimum authentication delay not always honoured
- debian/patches/CVE-2026-60001.patch: upstream: Fix cases in GSSAPI and
keyboard-interactive in auth.h, auth2-chall.c, auth2-gss.c, auth2.c.
- CVE-2026-60001
* SECURITY UPDATE: Use-after-free during a key re-exchange
- debian/patches/CVE-2026-60002.patch: upstream: fix ownership and lifetime
of several bits of client in ssh.c, sshconnect.c, sshconnect.h,
sshconnect2.c.
- CVE-2026-60002
-- Marc Deslauriers <email address hidden> Thu, 09 Jul 2026 14:06:35 -0400
|
| Source diff to previous version |
| CVE-2026-59995 |
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controll |
| CVE-2026-59996 |
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. |
| CVE-2026-59997 |
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argum |
| CVE-2026-59998 |
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active |
| CVE-2026-59999 |
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. |
| CVE-2026-60000 |
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) becaus |
| CVE-2026-60001 |
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. |
| CVE-2026-60002 |
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the cl |
|
|
openssh (1:10.2p1-2ubuntu3.2) resolute-security; urgency=medium
* SECURITY UPDATE: unexpected scp setuid and setgid
- debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from
downloaded files in scp.c.
- CVE-2026-35385
* SECURITY UPDATE: command execution via shell metacharacters in username
- debian/patches/CVE-2026-35386-pre1.patch: apply validity rules on
ProxyJump usernames and hostnames in readconf.c, readconf.h, ssh.c.
- debian/patches/CVE-2026-35386.patch: move username check earlier in
ssh.c.
- debian/patches/CVE-2026-35386-2.patch: adapt to username validity
check change in regress/percent.sh.
- CVE-2026-35386
* SECURITY UPDATE: use of unintended ECDSA algorithms
- debian/patches/CVE-2026-35387_35414.patch: correctly match ECDSA
signature algorithms against algorithm allowlists in
auth2-hostbased.c, auth2-pubkey.c, sshconnect2.c.
- CVE-2026-35387
* SECURITY UPDATE: missing connection multiplexing confirmation
- debian/patches/CVE-2026-35388.patch: add missing askpass check in
mux.c.
- CVE-2026-35388
* SECURITY UPDATE: authorized_keys principals option mishandling
- debian/patches/CVE-2026-35387_35414.patch: check for commas in
auth2-pubkeyfile.c.
- CVE-2026-35414
-- Marc Deslauriers <email address hidden> Mon, 27 Apr 2026 20:15:40 -0400
|
| CVE-2026-35385 |
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download |
| CVE-2026-35386 |
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the |
| CVE-2026-35387 |
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is |
| CVE-2026-35388 |
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. |
| CVE-2026-35414 |
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific |
|
About
-
Send Feedback to @ubuntu_updates