rpm package
suse/openssh&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35414 | Med | 4.2 | < 6.6p1-36.31.1 | 6.6p1-36.31.1 | Apr 2, 2026 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. | |
| CVE-2026-35385 | Hig | 7.5 | < 6.6p1-36.31.1 | 6.6p1-36.31.1 | Apr 2, 2026 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode). |
- affected < 6.6p1-36.31.1fixed 6.6p1-36.31.1
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
- affected < 6.6p1-36.31.1fixed 6.6p1-36.31.1
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).