MGASA-2026-0193 Updated openssh packages fix security vulnerabilities

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...

CLSA-2026-1777453856 openssh: Fix of CVE-2026-35414

CVE-2026-35414: fix incorrect matching of principals in the authorizedkeys principals="..." option when a certificate principal contains a comma character...