Thank you for your contribution to Debian.
Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 May 2026 11:26:56 +0100
Source: openssh
Architecture: source
Version: 1:9.2p1-2+deb12u10
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1117529 1117530 1130595 1132572 1132573 1132574 1132575 1132576
Changes:
 openssh (1:9.2p1-2+deb12u10) bookworm; urgency=medium
 .
   * Backport minor security fixes from 10.3p1:
     - ssh(1): the -J and equivalent -oProxyJump="..." options now validate
       user and host names for ProxyJump/-J options passed via the
       command-line (no such validation is performed for this option in
       configuration files). This prevents shell injection in situations
       where these were directly exposed to adversarial input, which would
       have been a terrible idea to begin with.
     - CVE-2026-35386: ssh(1): validation of shell metacharacters in user
       names supplied on the command-line was performed too late to prevent
       some situations where they could be expanded from %-tokens in
       ssh_config. For certain configurations, such as those that use a "%u"
       token in a "Match exec" block, an attacker who can control the user
       name passed to ssh(1) could potentially execute arbitrary shell
       commands. Reported by Florian Kohnhäuser (closes: #1132573).
       We continue to recommend against directly exposing ssh(1) and other
       tools' command-lines to untrusted input. Mitigations such as this can
       not be absolute given the variety of shells and user configurations
       in use.
     - CVE-2026-35414: sshd(8): when matching an authorized_keys
       principals="" option against a list of principals in a certificate,
       an incorrect algorithm was used that could allow inappropriate
       matching in cases where a principal name in the certificate contains
       a comma character.
       Exploitation of the condition requires an authorized_keys
       principals="" option that lists more than one principal *and* a CA
       that will issue a certificate that encodes more than one of these
       principal names separated by a comma (typical CAs strongly constrain
       which principal names they will place in a certificate). This
       condition only applies to user-trusted CA keys in authorized_keys;
       the main certificate authentication path
       (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected.
       Reported by Vladimir Tokarev (closes: #1132576).
     - CVE-2026-35385: scp(1): when downloading files as root in legacy (-O)
       mode and without the -p (preserve modes) flag set, scp did not clear
       setuid/setgid bits from downloaded files as one might typically
       expect. This bug dates back to the original Berkeley rcp program.
       Reported by Christos Papakonstantinou of Cantina and Spearbit
       (closes: #1132572).
     - CVE-2026-35387: sshd(8): fix incomplete application of
       PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard
       to ECDSA keys. Previously if one of these directives contains any
       ECDSA algorithm name (say "ecdsa-sha2-nistp384"), then any other ECDSA
       algorithm would be accepted in its place regardless of whether it was
       listed or not. Reported by Christos Papakonstantinou of Cantina and
       Spearbit (closes: #1132574).
     - CVE-2026-35388: ssh(1): connection multiplexing confirmation
       (requested using "ControlMaster ask/autoask") was not being tested
       for proxy mode multiplexing sessions (i.e. "ssh -O proxy ...").
       Reported by Michalis Vasileiadis (closes: #1132575).
 .
 openssh (1:9.2p1-2+deb12u9) bookworm-security; urgency=medium
 .
   * CVE-2026-3497: Fix incorrect GSS-API error handling; Replace incorrect
     use of sshpkt_disconnect() with ssh_packet_disconnect(), and properly
     initialize some variables (closes: #1130595; thanks, Marc Deslauriers).
 .
 openssh (1:9.2p1-2+deb12u8) bookworm; urgency=medium
 .
   * CVE-2025-61984: ssh(1): disallow control characters in usernames passed
     via the commandline (closes: #1117529).
   * CVE-2025-61985: ssh(1): disallow \0 characters in ssh:// URIs
     (closes: #1117530).
Checksums-Sha1:
 da35814196b96e3f93dea031774bdd262cc9d42d 3455 openssh_9.2p1-2+deb12u10.dsc
 44c1ccdd91839f3f506cc6f4e9129358d3961464 204884 openssh_9.2p1-2+deb12u10.debian.tar.xz
Checksums-Sha256:
 af8cfb3ce783604abd28183a52aa0bde8c6bc603cc35758035db48d1dac5f2e2 3455 openssh_9.2p1-2+deb12u10.dsc
 65cbc8353a4197d0e543dd5330ca9798663256ea54b91a9c7c49116e7ea342ea 204884 openssh_9.2p1-2+deb12u10.debian.tar.xz
Files:
 e2ab620d8acd52def880e2cd301828f6 3455 net standard openssh_9.2p1-2+deb12u10.dsc
 70b740271dd02145d7cb7337f33ff4af 204884 net standard openssh_9.2p1-2+deb12u10.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmn5xhEACgkQOTWH2X2G
UAtjcw//XgMTEZxtq+8Q0rgxYw2oK9YfZcFUoC0JIEcsGGsocgKmli+IXR5i5l79
5jmaVo/zVK/4lS7t3Xm4V4//L8n04ywuAKBQP78YaOJ4C+hRXF1xLubztEJjThIa
fN06u/dxp11n8hbCO8AuvociWDpN9PPs+7fUNoDqL8LHlOZ0NUUOvPYJT6vTfbyS
4OpkW96XnlAqdsixFv2/x2rRNi8BYlx8nml1B8k/CcsEwcsojbrUEh9A2V5v24KM
a+HWWFX10zrrInEIidiuPl6mARrwkvcqukGR2Q/pLUVzX/D2mZFlzsJ5fsFJlrmk
KT2mCJtZRuhTZkBicS6pOKVo3PDv5QrQZ73cEaqQuOKYNBfNURvXll9zeoRa98eG
q3ZctoVVmMlkGXtG5W/Dt5bDm4/hYr7DpB8HBXSd2Wf5IOGUf3S8ICjAKTNqykym
g16cMFabj4dSkKwE91HuHJDMvaWBqGZbUNd9jMeVhsUscWEI/vbQEC9ynlYYiOl8
Km95nEVr2L+Nu8Ohe6UcDziOfjeE2eIlHkr3kuz5mwCTzGIYh3WGYYMMflh/xxaQ
mo8QRF+YkTaIC93W3U9cmp+I7nW8sqoyCpn9K2LoCgD2uSav4iccYXkmlhERsRO7
1++8KviD3TSJDqQ+6UQkjpTz5qhk6h8P0cJXyGWJ2UQ6FCxQl/w=
=/+6q
-----END PGP SIGNATURE-----
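The certificate-principal matching problem in the CVE-2026-35414 entry above, as an added example that is not part of the Debian mail or of OpenSSH itself. The "incorrect algorithm" is modelled here as an assumption: each certificate principal is itself split on commas before being compared with the principals= list, which is the behaviour the entry implies but does not spell out. The corrected matcher compares each certificate principal as one opaque string. The second half audits an authorized_keys file for the precondition the entry names (a cert-authority entry whose principals= option lists more than one principal); the AUTHORIZED_KEYS sample is constructed and its key material is not real.

```python
"""Model of the CVE-2026-35414 principals= matching flaw and an audit for the
authorized_keys precondition. Added example; not OpenSSH code. The buggy
matcher is an assumed model of the old behaviour, not the actual source."""
import re
from typing import List, Optional, Tuple


def split_list(value: str) -> List[str]:
    """Split a comma-separated OpenSSH-style list, dropping empty items."""
    return [item for item in value.split(",") if item]


def principals_match_buggy(cert_principals: List[str], allowed: str) -> bool:
    """Assumed model of the old behaviour: a certificate principal such as
    'alice,bob' is split into 'alice' and 'bob' before comparison, so a
    certificate issued to the single principal named 'alice,bob' matches
    principals="alice,bob" although neither listed name is its name."""
    allowed_set = set(split_list(allowed))
    return any(piece in allowed_set
               for principal in cert_principals
               for piece in split_list(principal))


def principals_match_fixed(cert_principals: List[str], allowed: str) -> bool:
    """Compare each certificate principal as one opaque string against each
    entry of the principals= list; a comma inside a principal never splits it."""
    allowed_set = set(split_list(allowed))
    return any(principal in allowed_set for principal in cert_principals)


KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")
PRINCIPALS_RE = re.compile(r'(?:^|,)principals="([^"]*)"')
# Matches a standalone cert-authority option; a literal "cert-authority"
# inside a quoted option value would also match, which is acceptable for an audit.
CERT_AUTHORITY_RE = re.compile(r"(?:^|,)cert-authority(?=,|$)")


def options_field(line: str) -> Optional[str]:
    """Return the options prefix of an authorized_keys line ('' if the line has
    none), or None for blank and comment lines. Quoted option values may
    contain spaces and commas, so the scan tracks quotes instead of splitting
    on whitespace. (OpenSSH also accepts backslash-escaped quotes; the
    constructed sample below does not use them.)"""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    if stripped.startswith(KEY_TYPE_PREFIXES):
        return ""
    in_quote, opts = False, []
    for ch in stripped:
        if ch == '"':
            in_quote = not in_quote
        elif ch == " " and not in_quote:
            break
        opts.append(ch)
    return "".join(opts)


def multi_principal_ca_entries(authorized_keys: str) -> List[Tuple[int, List[str]]]:
    """Return (line number, principals) for cert-authority entries whose
    principals= option lists more than one principal: the authorized_keys
    side of the precondition the advisory gives for CVE-2026-35414."""
    hits = []
    for lineno, line in enumerate(authorized_keys.splitlines(), 1):
        opts = options_field(line)
        if not opts or not CERT_AUTHORITY_RE.search(opts):
            continue
        match = PRINCIPALS_RE.search(opts)
        if match is None:
            continue
        principals = split_list(match.group(1))
        if len(principals) > 1:
            hits.append((lineno, principals))
    return hits


# Constructed sample authorized_keys; the key material is not real.
AUTHORIZED_KEYS = """\
# constructed sample; the key material is not real
cert-authority,principals="alice,bob" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKE1 ca@example.org
cert-authority,principals="deploy" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKE2 ca2@example.org
principals="alice,bob" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKE3 not-a-ca@example.org
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKE4 plain@example.org
"""

if __name__ == "__main__":
    cert = ["alice,bob"]  # one principal whose name contains a comma
    print("buggy :", principals_match_buggy(cert, "alice,bob"))  # True
    print("fixed :", principals_match_fixed(cert, "alice,bob"))  # False
    print("audit :", multi_principal_ca_entries(AUTHORIZED_KEYS))  # [(2, ['alice', 'bob'])]
```

On a host that has not yet taken 1:9.2p1-2+deb12u10, running the audit over each user's authorized_keys lists exactly the cert-authority entries the advisory's precondition applies to; the other half of the precondition (a CA that will sign a certificate whose principal contains a comma) is a property of the CA's issuance policy, not of the file.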