Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Critical Security Flaws in openSUSE Leap 16.0 Affecting Openssh

opensuse
Calendar Grey May 19, 2026
Dist Opensuse Esm H88
Critical update for openSUSE Leap 16.0 fixing two issues in OpenSSH with importance rating. Install promptly for security.
An update that solves 2 vulnerabilities and has 4 bug fixes can now be installed.

Description

This update for openssh fixes the following issues

Security issues fixed:

- CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427).

- CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430).

Other issues fixed:

- SSH port not reachable on SLES-16.0-CHOST-BYOS since build 1.32 for both x86_64 and aarch64 (bsc#1262555).

- OpenSSH audit support causes connection lost with parallel sessions (bsc#1252890).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-752=1

Patch

Package List

- openSUSE Leap 16.0:

openssh-10.0p2-160000.5.1

openssh-askpass-gnome-10.0p2-160000.5.1

openssh-cavs-10.0p2-160000.5.1

openssh-clients-10.0p2-160000.5.1

openssh-common-10.0p2-160000.5.1

openssh-helpers-10.0p2-160000.5.1

openssh-server-10.0p2-160000.5.1

openssh-server-config-rootlogin-10.0p2-160000.5.1

References

* bsc#1252890

* bsc#1261427

* bsc#1261430

* bsc#1262555

References:

* https://www.suse.com/security/cve/CVE-2026-35385.html

* https://www.suse.com/security/cve/CVE-2026-35414.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20757-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here