Red Hat Product Errata RHSA-2026:22329 - Security Advisory Issued: 2026-06-01 Updated: 2026-06-01 RHSA-2026:22329 - Security Advisory Overview Updated Packages Synopsis Important: openssh security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): openssh: potential command injection via shell metacharacters (CVE-2023-51385) OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385) OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414) OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387) OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388) OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2255271 - CVE-2023-51385 openssh: potential command injection via shell metacharacters BZ - 2454469 - CVE-2026-35385 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode BZ - 2454490 - CVE-2026-35414 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option BZ - 2454494 - CVE-2026-35387 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage BZ - 2454500 - CVE-2026-35388 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions BZ - 2454506 - CVE-2026-35386 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username CVEs CVE-2023-51385 CVE-2026-35385 CVE-2026-35386 CVE-2026-35387 CVE-2026-35388 CVE-2026-35414 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM openssh-8.0p1-7.el8_4.2.src.rpm SHA-256: c68df8af04a8ef3f96f1584864f74f841c6805d8ef6c618f023608cc5d0ded82 x86_64 openssh-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: f994589b8b5484fe79357305dd6e76841e9916823b5080b63623fb48e4ee60fa openssh-askpass-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 02c3a47bb8e48b23b28f887b978ceff04ca35d8d2a84eaeebcb5e174b9e0f2fa openssh-askpass-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: dba88c7cd6e62083328ab27491d2aa9618df8966b04a7b5b31289bba2646a33f openssh-askpass-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: dba88c7cd6e62083328ab27491d2aa9618df8966b04a7b5b31289bba2646a33f openssh-cavs-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 3d4547e68da9f87ffd378a1f05cc1f35081b0ce94a3f7ea97c10cdf878d5589e openssh-cavs-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: de62c3f9a533fe4b2eeeff1e5bf3e53cabd534d5044512fea473aba80208d1f1 openssh-cavs-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: de62c3f9a533fe4b2eeeff1e5bf3e53cabd534d5044512fea473aba80208d1f1 openssh-clients-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: d9a5fbeafbb1659134fcd351e40484923417fbf709b2aeea12e7cba510583fbe openssh-clients-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: cf220f26ee6e5e2c976b5334fbf38206d90c9545d4780c44dd84a5bd1b511d9d openssh-clients-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: cf220f26ee6e5e2c976b5334fbf38206d90c9545d4780c44dd84a5bd1b511d9d openssh-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 7657f1bde8737e2d83106ce47738f7571cff77072f76d8e1f76db1768052bf35 openssh-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 7657f1bde8737e2d83106ce47738f7571cff77072f76d8e1f76db1768052bf35 openssh-debugsource-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: a8337b9558c9fe041e6a979834f70c0036acafa594befccb7f4106061cd78beb openssh-debugsource-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: a8337b9558c9fe041e6a979834f70c0036acafa594befccb7f4106061cd78beb openssh-keycat-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: e1a90b763ea6a9139f797a4bd333187950ed05b0987335e696745627ed56bac2 openssh-keycat-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 20e5c86132272bcf8d37c5d5e286d85adaac978dea76c64763e37fc530a6b369 openssh-keycat-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 20e5c86132272bcf8d37c5d5e286d85adaac978dea76c64763e37fc530a6b369 openssh-ldap-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: d35f205aa14a45e88055729043f7ff301570a42a5b588522cfcaadd3284c0ee3 openssh-ldap-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: a02fa8d202d62c0e9b26e2e98d0015b18193ddf25438bd2d5a64e3d3f9e80cc0 openssh-ldap-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: a02fa8d202d62c0e9b26e2e98d0015b18193ddf25438bd2d5a64e3d3f9e80cc0 openssh-server-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 8b78dff7d7a91d32eae5dd9a83620f621d532dad31c278f94a33795b4a3095cc openssh-server-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: fe6ca0f60ae6c64514ba8b87478df5a75a95caed8c9485810294ab3f21d1fe08 openssh-server-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: fe6ca0f60ae6c64514ba8b87478df5a75a95caed8c9485810294ab3f21d1fe08 pam_ssh_agent_auth-0.10.3-7.7.el8_4.3.x86_64.rpm SHA-256: 1764740c3a3d1592f465835cc65df2d772b60feac6d9cbb77c9a4db0d67e6c3b pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.3.x86_64.rpm SHA-256: 9bedd2de8a5dbb7e7c125c2ff86347a39ab971f6902e26d6ae06b87a7068195e pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.3.x86_64.rpm SHA-256: 9bedd2de8a5dbb7e7c125c2ff86347a39ab971f6902e26d6ae06b87a7068195e Red Hat Enterprise Linux Server - AUS 8.4 SRPM openssh-8.0p1-7.el8_4.2.src.rpm SHA-256: c68df8af04a8ef3f96f1584864f74f841c6805d8ef6c618f023608cc5d0ded82 x86_64 openssh-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: f994589b8b5484fe79357305dd6e76841e9916823b5080b63623fb48e4ee60fa openssh-askpass-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 02c3a47bb8e48b23b28f887b978ceff04ca35d8d2a84eaeebcb5e174b9e0f2fa openssh-askpass-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: dba88c7cd6e62083328ab27491d2aa9618df8966b04a7b5b31289bba2646a33f openssh-askpass-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: dba88c7cd6e62083328ab27491d2aa9618df8966b04a7b5b31289bba2646a33f openssh-cavs-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 3d4547e68da9f87ffd378a1f05cc1f35081b0ce94a3f7ea97c10cdf878d5589e openssh-cavs-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: de62c3f9a533fe4b2eeeff1e5bf3e53cabd534d5044512fea473aba80208d1f1 openssh-cavs-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: de62c3f9a533fe4b2eeeff1e5bf3e53cabd534d5044512fea473aba80208d1f1 openssh-clients-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: d9a5fbeafbb1659134fcd351e40484923417fbf709b2aeea12e7cba510583fbe openssh-clients-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: cf220f26ee6e5e2c976b5334fbf38206d90c9545d4780c44dd84a5bd1b511d9d openssh-clients-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: cf220f26ee6e5e2c976b5334fbf38206d90c9545d4780c44dd84a5bd1b511d9d openssh-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 7657f1bde8737e2d83106ce47738f7571cff77072f76d8e1f76db1768052bf35 openssh-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 7657f1bde8737e2d83106ce47738f7571cff77072f76d8e1f76db1768052bf35 openssh-debugsource-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: a8337b9558c9fe041e6a979834f70c0036acafa594befccb7f4106061cd78beb openssh-debugsource-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: a8337b9558c9fe041e6a979834f70c0036acafa594befccb7f4106061cd78beb openssh-keycat-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: e1a90b763ea6a9139f797a4bd333187950ed05b0987335e696745627ed56bac2 openssh-keycat-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 20e5c86132272bcf8d37c5d5e286d85adaac978dea76c64763e37fc530a6b369 openssh-keycat-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 20e5c86132272bcf8d37c5d5e286d85adaac978dea76c64763e37fc530a6b369 openssh-ldap-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: d35f205aa14a45e88055729043f7ff301570a42a5b588522cfcaadd3284c0ee3 openssh-ldap-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: a02fa8d202d62c0e9b26e2e98d0015b18193ddf25438bd2d5a64e3d3f9e80cc0 openssh-ldap-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: a02fa8d202d62c0e9b26e2e98d0015b18193ddf25438bd2d5a64e3d3f9e80cc0 openssh-server-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: 8b78dff7d7a91d32eae5dd9a83620f621d532dad31c278f94a33795b4a3095cc openssh-server-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: fe6ca0f60ae6c64514ba8b87478df5a75a95caed8c9485810294ab3f21d1fe08 openssh-server-debuginfo-8.0p1-7.el8_4.2.x86_64.rpm SHA-256: fe6ca0f60ae6c64514ba8b87478df5a75a95caed8c9485810294ab3f21d1fe08 pam_ssh_agent_auth-0.10.3-7.7.el8_4.3.x86_64.rpm SHA-256: 1764740c3a3d1592f465835cc65df2d772b60feac6d9cbb77c9a4db0d67e6c3b pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.3.x86_64.rpm SHA-256: 9bedd2de8a5dbb7e7c125c2ff86347a39ab971f6902e26d6ae06b87a7068195e pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.3.x86_64.rpm SHA-256: 9bedd2de8a5dbb7e7c125c2ff86347a39ab971f6902e26d6ae06b87a7068195e The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .