Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Red Hat Enterprise Linux 9 OpenSSH Key Enhancements ELSA-2026-14382

oracle
Calendar Grey May 6, 2026
Oracle Linux Logo Esm H88
Updated OpenSSH packages for Oracle Linux 9 address multiple security issues. Essential updates recommended for users.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[8.7p1-49.0.1] - Upstream references found with /usr/bin/ssh [Orabug: 37814929] - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand [Orabug: 37647064] - Update upstream references [Orabug: 36564626] [8.7p1-49] - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode Resolves: RHEL-164752 - CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions Resolves: RHEL-166249 - CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys Resolves: RHEL-166233 - CVE-2026-35414: Fix mishandling of authorized_keys principals option Resolves: RHEL-166201 - CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline Resolves: RHEL-166217

SRPMs

http://oss.oracle.com/ol9/SRPMS-updates/openssh-8.7p1-49.0.1.el9_7.src.rpm

x86_64

openssh-8.7p1-49.0.1.el9_7.x86_64.rpm openssh-askpass-8.7p1-49.0.1.el9_7.x86_64.rpm openssh-clients-8.7p1-49.0.1.el9_7.x86_64.rpm openssh-keycat-8.7p1-49.0.1.el9_7.x86_64.rpm openssh-server-8.7p1-49.0.1.el9_7.x86_64.rpm pam_ssh_agent_auth-0.10.4-5.49.0.1.el9_7.x86_64.rpm

aarch64

openssh-8.7p1-49.0.1.el9_7.aarch64.rpm openssh-askpass-8.7p1-49.0.1.el9_7.aarch64.rpm openssh-clients-8.7p1-49.0.1.el9_7.aarch64.rpm openssh-keycat-8.7p1-49.0.1.el9_7.aarch64.rpm openssh-server-8.7p1-49.0.1.el9_7.aarch64.rpm pam_ssh_agent_auth-0.10.4-5.49.0.1.el9_7.aarch64.rpm

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2026-35385 CVE-2026-35386 CVE-2026-35387 CVE-2026-35388 CVE-2026-35414

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here