24 matches found
EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2455)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...
EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2496)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...
SUSE-SU-2026:22352-1 Security update for openssh
This update for openssh fixes the following issues Security fixes: - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35388: omitted connection multiplexing confirmation for proxy-mode multiplexing sessions bsc1261441. - openssh...
OPENSUSE-SU-2026:21044-1 Security update for openssh
This update for openssh fixes the following issues Security fixes: - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35388: omitted connection multiplexing confirmation for proxy-mode multiplexing sessions bsc1261441. - openssh...
SUSE-SU-2026:2430-1 Security update for openssh8.4
This update for openssh8.4 fixes the following issues - CVE-2026-3497: Information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35388: omitted connection multiplexing...
SUSE-SU-2026:2375-1 Security update for openssh
This update for openssh fixes the following issues - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35388: omitted connection multiplexing...
SUSE-SU-2026:2371-1 Security update for openssh
This update for openssh fixes the following issues - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35388: omitted connection multiplexing...
MGASA-2026-0193 Updated openssh packages fix security vulnerabilities
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...
Updated openssh packages fix security vulnerabilities
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...
RHEL 8 : openssh (RHSA-2026:22329)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22329 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...
Important: Red Hat Security Advisory: openssh update
An update for openssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Security Bulletin: Multiple vulnerabilities in OpenSSH affect AIX
Summary There are multiple vulnerabilities in OpenSSH used by AIX CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2026-35385 DESCRIPTION: In OpenSSH before 10.3, a file downloaded by scp may b...
RHEL 8 : openssh (RHSA-2026:21398)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21398 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...
RockyLinux 9 : openssh (RLSA-2026:19219)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19219 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...
Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1745)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1745 advisory. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the...
RockyLinux 9 : openssh (RLSA-2026:13381)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13381 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...
ALSA-2026:13380 Important: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...
ALSA-2026:13383 Important: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...
AlmaLinux 8 : openssh (ALSA-2026:13383)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13383 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...
USN-8222-1 openssh vulnerabilities
Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol -O option. This could result in certain files being installed setuid or setgid, contrary to expectations. CVE-2026-35385 Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell...