Oracle Linux 10 OpenSSH Significant Security Update ELSA-2026-13400
oracle
May 6, 2026
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Summary
[9.9p1-14.0.1] - Upstream references found with /usr/bin/ssh [Orabug: 37824421] [9.9p1-14] - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode Resolves: RHEL-164738 - CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions Resolves: RHEL-166237 - CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys Resolves: RHEL-166221 - CVE-2026-35414: Fix mishandling of authorized_keys principals option Resolves: RHEL-166189 - CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline Resolves: RHEL-166205
Topics Covered
SRPMs
http://oss.oracle.com/ol10/SRPMS-updates/openssh-9.9p1-14.0.1.el10_1.src.rpm
x86_64
openssh-9.9p1-14.0.1.el10_1.x86_64.rpm openssh-askpass-9.9p1-14.0.1.el10_1.x86_64.rpm openssh-clients-9.9p1-14.0.1.el10_1.x86_64.rpm openssh-keycat-9.9p1-14.0.1.el10_1.x86_64.rpm openssh-keysign-9.9p1-14.0.1.el10_1.x86_64.rpm openssh-server-9.9p1-14.0.1.el10_1.x86_64.rpm
aarch64
openssh-9.9p1-14.0.1.el10_1.aarch64.rpm openssh-askpass-9.9p1-14.0.1.el10_1.aarch64.rpm openssh-clients-9.9p1-14.0.1.el10_1.aarch64.rpm openssh-keycat-9.9p1-14.0.1.el10_1.aarch64.rpm openssh-keysign-9.9p1-14.0.1.el10_1.aarch64.rpm openssh-server-9.9p1-14.0.1.el10_1.aarch64.rpm
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Related CVEs:
CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388
CVE-2026-35414
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!