Package "openssh-client"

Name: openssh-client
Description: secure shell (SSH) client, for secure access to remote machines
Latest version: 1:10.0p1-5ubuntu5.4
Release: questing (25.10)
Level: updates
Repository: main
Head package: openssh
Homepage: https://www.openssh.com/

Changelog

openssh (1:10.0p1-5ubuntu5.4) questing-security; urgency=medium

  * SECURITY UPDATE: unexpected scp setuid and setgid
    - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from
      downloaded files in scp.c.
    - CVE-2026-35385
  * SECURITY UPDATE: command execution via shell metacharacters in username
    - debian/patches/CVE-2026-35386-pre1.patch: apply validity rules on
      ProxyJump usernames and hostnames in readconf.c, readconf.h, ssh.c.
    - debian/patches/CVE-2026-35386.patch: move username check earlier in
      ssh.c.
    - debian/patches/CVE-2026-35386-2.patch: adapt to username validity
      check change in regress/percent.sh.
    - CVE-2026-35386
  * SECURITY UPDATE: use of unintended ECDSA algorithms
    - debian/patches/CVE-2026-35387_35414.patch: correctly match ECDSA
      signature algorithms against algorithm allowlists in
      auth2-hostbased.c, auth2-pubkey.c, sshconnect2.c.
    - CVE-2026-35387
  * SECURITY UPDATE: missing connection multiplexing confirmation
    - debian/patches/CVE-2026-35388.patch: add missing askpass check in
      mux.c.
    - CVE-2026-35388
  * SECURITY UPDATE: authorized_keys principals option mishandling
    - debian/patches/CVE-2026-35387_35414.patch: check for commas in
      auth2-pubkeyfile.c.
    - CVE-2026-35414

 -- Marc Deslauriers <email address hidden>  Mon, 27 Apr 2026 20:24:02 -0400

CVE-2026-35385: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download
CVE-2026-35386: In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the
CVE-2026-35387: OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is
CVE-2026-35388: OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
CVE-2026-35414: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific

openssh (1:10.0p1-5ubuntu5.1) questing-security; urgency=medium

  * SECURITY UPDATE: GSSAPI Key Exchange issue
    - debian/patches/gssapi.patch: replace incorrect use of
      sshpkt_disconnect() with ssh_packet_disconnect() and properly
      initialize some vars.
    - CVE-2026-3497
  * SECURITY UPDATE: Untrusted control characters in usernames
    - debian/patches/CVE-2025-61984.patch: Improve rules for %-expansion of
      username in ssh.c.
    - CVE-2025-61984
  * SECURITY UPDATE: Code execution in ProxyCommand via NULL character
    - debian/patches/CVE-2025-61985.patch: don't allow \0 characters in
      url-encoded strings in misc.c.
    - CVE-2025-61985

 -- Marc Deslauriers <email address hidden>  Wed, 04 Mar 2026 12:55:04 -0500

CVE-2026-3497: Vulnerability in the OpenSSH GSSAPI delta included in various Linux di ...
CVE-2025-61984: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code
CVE-2025-61985: ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.