
Fedora 43 OpenSSH Key Fix Addresses Privilege Escalation and Session Bugs

Fedora, April 28, 2026
Fixes multiple issues in OpenSSH on Fedora 43 addressing escalation, integrity checks, and session management.

Summary

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.

Update Information:

- CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode
- CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions
- CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
- CVE-2026-35414: Fix mishandling of authorized_keys principals option
- CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline

Change Log

* Fri Apr 17 2026 Zoltan Fridrich - 10.0p1-9
- CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode
  Resolves: rhbz#2454941
- CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions
  Resolves: rhbz#2454951
- CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
  Resolves: rhbz#2454944
- CVE-2026-35414: Fix mishandling of authorized_keys principals option
  Resolves: rhbz#2454943
- CVE-2025-61985: Reject URL-strings with NULL characters
- CVE-2025-61984, CVE-2026-35386: Reject usernames with control characters
  Resolves: rhbz#2454961

References


[ 1 ] Bug #2454941 - CVE-2026-35385 openssh: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2454941
[ 2 ] Bug #2454943 - CVE-2026-35414 openssh: OpenSSH: Security bypass via mishandling of authorized_keys principals option [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2454943
[ 3 ] Bug #2454944 - CVE-2026-35387 openssh: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2454944
[ 4 ] Bug #2454951 - CVE-2026-35388 openssh: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2454951
[ 5 ] Bug #2454961 - CVE-2026-35386 openssh: OpenSSH: Arbitrary command execution via shell metacharacters in username [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2cedc95af8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
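To confirm the update landed across several hosts, the following added example (not part of the advisory or of any Fedora or OpenSSH tooling) classifies an inventory of installed builds against the fixed build 10.0p1-9.fc43. The inventory line format, function names and sample hosts are assumptions constructed for illustration; the comparison follows rpm's segment ordering but does not handle epoch, `~` or `^`.

```python
import re

# Fixed build from the advisory's package details: openssh 10.0p1-9.fc43.
FIXED_VERSION, FIXED_RELEASE, DIST = "10.0p1", "9.fc43", ".fc43"

def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment, following
    rpm's ordering rules. Returns -1, 0 or 1. Epoch, '~' and '^' are not handled."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(version, release):
    """True if version-release is at or above the fixed Fedora 43 build."""
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def audit(lines):
    """Map host -> status for 'host name version release' inventory lines.
    Assumed to be collected per host with:
    rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' openssh"""
    status = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or fields[1] != "openssh":
            continue                          # skip malformed or unrelated lines
        host, _, version, release = fields
        if not release.endswith(DIST):
            status[host] = "not-fedora-43"    # this advisory covers Fedora 43 only
        else:
            status[host] = "fixed" if is_fixed(version, release) else "needs-update"
    return status

# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = ["web01 openssh 10.0p1 9.fc43", "web02 openssh 10.0p1 8.fc43",
          "db01 openssh 10.0p1 10.fc43", "dev01 openssh 10.1p1 1.fc43",
          "build01 openssh 9.9p1 12.fc42", "package openssh is not installed"]

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(host, state)
```

Hosts reported as `needs-update` still carry a build older than the one this advisory ships; `not-fedora-43` hosts need the advisory for their own release.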

Severity: important

Name: openssh
Product: Fedora 43
Version: 10.0p1
Release: 9.fc43
Summary: An open source implementation of SSH protocol version 2
