-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 May 2026 11:25:39 +0100
Source: openssh
Architecture: source
Version: 1:10.0p1-7+deb13u3
Distribution: trixie
Urgency: medium
Maintainer: Debian OpenSSH Maintainers
Changed-By: Colin Watson
Closes: 1130595 1132572 1132573 1132574 1132575 1132576
Changes:
 openssh (1:10.0p1-7+deb13u3) trixie; urgency=medium
 .
   * Backport minor security fixes from 10.3p1:
     - ssh(1): the -J and equivalent -oProxyJump="..." options now validate
       user and host names for ProxyJump/-J options passed via the
       command-line (no such validation is performed for this option in
       configuration files). This prevents shell injection in situations
       where these were directly exposed to adversarial input, which would
       have been a terrible idea to begin with.
     - CVE-2026-35386: ssh(1): validation of shell metacharacters in user
       names supplied on the command-line was performed too late to prevent
       some situations where they could be expanded from %-tokens in
       ssh_config. For certain configurations, such as those that use a "%u"
       token in a "Match exec" block, an attacker who can control the user
       name passed to ssh(1) could potentially execute arbitrary shell
       commands. Reported by Florian Kohnhäuser (closes: #1132573). We
       continue to recommend against directly exposing ssh(1) and other
       tools' command-lines to untrusted input. Mitigations such as this
       cannot be absolute given the variety of shells and user
       configurations in use.
     - CVE-2026-35414: sshd(8): when matching an authorized_keys
       principals="" option against a list of principals in a certificate,
       an incorrect algorithm was used that could allow inappropriate
       matching in cases where a principal name in the certificate contains
       a comma character. Exploitation of the condition requires an
       authorized_keys principals="" option that lists more than one
       principal *and* a CA that will issue a certificate that encodes more
       than one of these principal names separated by a comma (typical CAs
       strongly constrain which principal names they will place in a
       certificate). This condition only applies to user-trusted CA keys in
       authorized_keys; the main certificate authentication path
       (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected.
       Reported by Vladimir Tokarev (closes: #1132576).
     - CVE-2026-35385: scp(1): when downloading files as root in legacy (-O)
       mode and without the -p (preserve modes) flag set, scp did not clear
       setuid/setgid bits from downloaded files as one might typically
       expect. This bug dates back to the original Berkeley rcp program.
       Reported by Christos Papakonstantinou of Cantina and Spearbit
       (closes: #1132572).
     - CVE-2026-35387: sshd(8): fix incomplete application of
       PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard
       to ECDSA keys. Previously, if one of these directives contained any
       ECDSA algorithm name (say "ecdsa-sha2-nistp384"), then any other ECDSA
       algorithm would be accepted in its place regardless of whether it was
       listed or not. Reported by Christos Papakonstantinou of Cantina and
       Spearbit (closes: #1132574).
     - CVE-2026-35388: ssh(1): connection multiplexing confirmation
       (requested using "ControlMaster ask/autoask") was not being tested
       for proxy mode multiplexing sessions (i.e. "ssh -O proxy ...").
       Reported by Michalis Vasileiadis (closes: #1132575).
   * Cherry-pick IPQoS handling updates from upstream:
     - Set default IPQoS for interactive sessions to Expedited Forwarding
       (EF).
     - Deprecate support for IPv4 type-of-service (TOS) IPQoS keywords.
     - Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS)
       continually at runtime based on what sessions/channels are open.
     - Correctly set extended type for client-side channels. Fixes
       interactive vs bulk IPQoS for client->server traffic.
 .
 openssh (1:10.0p1-7+deb13u2) trixie-security; urgency=medium
 .
   * CVE-2026-3497: Fix incorrect GSS-API error handling; replace incorrect
     use of sshpkt_disconnect() with ssh_packet_disconnect(), and properly
     initialize some variables (closes: #1130595; thanks, Marc Deslauriers).
Checksums-Sha1:
 588570b8d24a58d165326e779ccfe04e356573e7 3609 openssh_10.0p1-7+deb13u3.dsc
 b4f91988a8c898e3339683fd5c622c7932cc5902 215064 openssh_10.0p1-7+deb13u3.debian.tar.xz
Checksums-Sha256:
 d4370c9fc63b3f4ea445fdc7288e372e089c1740f0287170387000e264fa3b38 3609 openssh_10.0p1-7+deb13u3.dsc
 b80912092af7d7ecbc8f0c784a68d86d5e54b4d6b69038ab7faa891f774db24c 215064 openssh_10.0p1-7+deb13u3.debian.tar.xz
Files:
 0b8ba8ff968b873866aa509cbdc98f3c 3609 net standard openssh_10.0p1-7+deb13u3.dsc
 26afa767738b86933b2dfff05155b438 215064 net standard openssh_10.0p1-7+deb13u3.debian.tar.xz
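The CVE-2026-35414 entry above states the precondition for the principals= bug: a cert-authority line in authorized_keys whose principals="" option lists more than one name. As an added example that is not OpenSSH's or Debian's code, the Python below parses the authorized_keys option field (a constructed sample file is embedded), reports lines that meet that precondition so an administrator can find exposure before updating, and shows the whole-string principal comparison a correct matcher performs (a certificate principal "alice,admin" is neither "alice" nor "admin"). The option-field parser is an assumption of this example and covers only the quoting rules named in its docstring, not every rule sshd applies.

```python
from __future__ import annotations
import re
# Constructed sample authorized_keys content; the key blobs are placeholders.
SAMPLE_AUTHORIZED_KEYS = """\
# plain key, no options
ssh-ed25519 AAAAC3PLACEHOLDER user@host
cert-authority,principals="deploy" ssh-ed25519 AAAAC3PLACEHOLDER ca-single
cert-authority,principals="alice,admin",no-pty ssh-ed25519 AAAAC3PLACEHOLDER ca-multi
"""
KEY_TYPE_PREFIXES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-", "sk-")

def parse_options(line: str) -> dict[str, str | None]:
    """Parse the optional leading option field of an authorized_keys line;
    a quoted value may contain commas and spaces, and \\" is an escaped quote."""
    if line.startswith(KEY_TYPE_PREFIXES):
        return {}
    opts, i = {}, 0
    while i < len(line) and not line[i].isspace():
        m = re.match(r"[\w-]+", line[i:])
        if not m:
            raise ValueError(f"malformed option field at column {i}")
        name, value = m.group(0), None
        i += len(name)
        if line.startswith('="', i):
            q = re.match(r'"((?:[^"\\]|\\.)*)"', line[i + 1:])
            if not q:
                raise ValueError(f"unterminated quoted value for option {name}")
            value = q.group(1).replace('\\"', '"')
            i += 1 + len(q.group(0))
        opts[name] = value
        if line.startswith(",", i):
            i += 1
    return opts

def multi_principal_ca_lines(text: str) -> list[tuple[int, list[str]]]:
    """Return (line number, principals) for each cert-authority key whose
    principals= option names more than one principal (the stated precondition)."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        opts = parse_options(line)
        plist = [p for p in (opts.get("principals") or "").split(",") if p]
        if "cert-authority" in opts and len(plist) > 1:
            hits.append((lineno, plist))
    return hits

def principal_allowed(cert_principals: list[str], allowed: list[str]) -> bool:
    """Whole-name comparison: "alice,admin" matches neither "alice" nor "admin"."""
    return any(p in allowed for p in cert_principals)
```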