Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in OpenSSH.
Software Description:
- openssh: secure shell (SSH) for secure access to remote machines
Details:
It was discovered that OpenSSH sftp did not properly constrain the location
of downloaded files when connecting to an attacker-controlled server. An
attacker could possibly use this issue to write files to unintended
locations on the file system. (CVE-2026-59995)
It was discovered that OpenSSH scp could place files in the parent
directory of the intended destination when copying between two remote
hosts. An attacker could possibly use this issue to write files to
unintended locations. (CVE-2026-59996)
It was discovered that OpenSSH internal-sftp only recognized the first nine
command-line arguments, This could result in certain security-sensitive
arguments being ignored, contrary to expectations. (CVE-2026-59997)
It was discovered that OpenSSH had undocumented behaviour regarding the
GSSAPIStrictAcceptorCheck option in environments u...
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS openssh-client 1:10.2p1-2ubuntu3.4 openssh-server 1:10.2p1-2ubuntu3.4 Ubuntu 24.04 LTS openssh-client 1:9.6p1-3ubuntu13.18 openssh-server 1:9.6p1-3ubuntu13.18 Ubuntu 22.04 LTS openssh-client 1:8.9p1-3ubuntu0.16 openssh-server 1:8.9p1-3ubuntu0.16 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8533-1
CVE-2026-59995, CVE-2026-59996, CVE-2026-59997, CVE-2026-59998,
CVE-2026-59999, CVE-2026-60000, CVE-2026-60001, CVE-2026-60002
Get the latest Linux and open source security news straight to your inbox.