Alerts This Week
Warning Icon 1 1,375
Alerts This Week
Warning Icon 1 1,375

Fedora 43 opkssh Important Update CVE-2026-39828 CVE-2026-39830

fedora
Calendar Grey July 1, 2026
Dist Fedora Esm H88
Learn about the Fedora 43 opkssh update fixing critical issues with denial of service risks and unauthorized commands.
Update bundled golang.org/x/crypto to 0.53.0

Summary

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect

allowing SSH access to be managed via identities like alice@example.com instead

of long-lived SSH keys.

Update Information:

Update bundled golang.org/x/crypto to 0.53.0

Change Log

* Mon Jun 22 2026 Till Hofmann - 0.14.0-3 - Update bundled golang.org/x/crypto to 0.53.0

References


[ 1 ] Bug #2489950 - CVE-2026-39828 opkssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489950 [ 2 ] Bug #2490498 - CVE-2026-39830 opkssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490498

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-12d4cde449' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: opkssh
Product: Fedora 43
Version: 0.14.0
Release: 3.fc43
Summary: OpenPubkey SSH

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here