Jump to letter: [
7ABCDEFGHIJKLMNOPQRSTUVWXYZ
]
openssh - An open source implementation of SSH protocol version 2
- Description:
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
Packages
| openssh-8.0p1-13.aldos.x86_64
[510 KiB] |
Changelog
by Joel Barrios (2026-05-12):
- Sync parches with AlmaLinux.
- CVE-2026-35385: Fix privilege escalation via scp legacy protocol
when not in preserving file mode
Resolves: RHEL-164743
- CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode
multiplexing sessions
Resolves: RHEL-166240
- CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms with regard to ECDSA keys
Resolves: RHEL-166224
- CVE-2026-35414: Fix mishandling of authorized_keys principals option
Resolves: RHEL-166192
- CVE-2026-35386: Add validation rules to usernames and hostnames
set for ProxyJump/-J on the commandline
Resolves: RHEL-166208
- CVE-2026-3497: Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex
Resolves: RHEL-155814
- CVE-2025-61984: Reject usernames with control characters
Resolves: RHEL-128400
- CVE-2025-61985: Reject URL-strings with NULL characters
Resolves: RHEL-128390
- Fix missing invalid error code checks in OpenSSH. It prevents
a MITM attack when VerifyHostKeyDNS is on (CVE-2025-26465)
Resolves: RHEL-109228
- Upstream: Ignore SIGPIPE earlier in main()
Resolves: RHEL-37743
- Providing a kill switch for scp to deal with CVE-2020-15778
Resolves: RHEL-22870
- Fix Terrapin attack
Resolves: RHEL-19308
- Fix Terrapin attack
Resolves: RHEL-19308
- Forbid shell metasymbols in username/hostname
Resolves: RHEL-19788
- Using DigestSign/DigestVerify functions for better FIPS compatibility
Resolves: RHEL-5217
- Limit artificial delays in sshd while login using AD user
Resolves: RHEL-1684
- Add comment to OpenSSH server config about FIPS-incompatible key
Resolves: RHEL-5221
- Avoid killing all processes on system in case of race condition
Resolves: RHEL-11548
- Avoid sshd_config 256K limit
Resolves: RHEL-5279
- Using DigestSign/DigestVerify functions for better FIPS compatibility
Resolves: RHEL-5217
- Fix GSS KEX causing ssh failures when connecting to WinSSHD
Resolves: RHEL-5321
Related: CVE-2023-38408
- Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
- Fix parsing of IPv6 IPs in sftp client (#2151334)
- Avoid ssh banner one-byte overflow (#2138344)
- Avoid crash of sshd when Include folder does not exist (#2133087)
|