Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora 44 opkssh 0.15.0 Important Denial of Service Vulnern 2026-a7570524a7

fedora
Calendar Grey July 8, 2026
Dist Fedora Esm H88
The opkssh 0.15.0 update for Fedora 44 resolves critical Denial of Service issues affecting its dependencies.
Update to opkssh 0.15.0

Summary

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect

allowing SSH access to be managed via identities like alice@example.com instead

of long-lived SSH keys.

Update Information:

Update to opkssh 0.15.0. This release fixes several CVEs in bundled/vendored dependencies: CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)

Change Log

* Thu Jul 2 2026 Till Hofmann - 0.15.0-2 - Drop obsolete golang.org/x/crypto override * Thu Jul 2 2026 Till Hofmann - 0.15.0-1 - Update to 0.15.0

References


[ 1 ] Bug #2490078 - CVE-2026-39829 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490078 [ 2 ] Bug #2492509 - opkssh-0.15.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2492509 [ 3 ] Bug #2493536 - CVE-2026-39835 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493536 [ 4 ] Bug #2494282 - CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494282 [ 5 ] Bug #2494472 - CVE-2026-39833 opkssh: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494472

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a7570524a7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: opkssh
Product: Fedora 44
Version: 0.15.0
Release: 2.fc44
Summary: OpenPubkey SSH

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.