-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Apr 2026 12:49:45 +0100
Source: openssh
Architecture: source
Version: 1:10.3p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 321525 1118288 1132572 1132573 1132574 1132575 1132576
Changes:
 openssh (1:10.3p1-1) unstable; urgency=medium
 .
   * New upstream release:
     - ssh(1): validation of shell metacharacters in user names supplied on
       the command-line was performed too late to prevent some situations
       where they could be expanded from %-tokens in ssh_config. For certain
       configurations, such as those that use a "%u" token in a "Match exec"
       block, an attacker who can control the user name passed to ssh(1)
       could potentially execute arbitrary shell commands. Reported by
       Florian Kohnhäuser (closes: #1132573). We continue to recommend
       against directly exposing ssh(1) and other tools' command-lines to
       untrusted input. Mitigations such as this cannot be absolute given
       the variety of shells and user configurations in use.
     - CVE-2026-35414: sshd(8): when matching an authorized_keys
       principals="" option against a list of principals in a certificate,
       an incorrect algorithm was used that could allow inappropriate
       matching in cases where a principal name in the certificate contains
       a comma character. Exploitation of the condition requires an
       authorized_keys principals="" option that lists more than one
       principal *and* a CA that will issue a certificate that encodes more
       than one of these principal names separated by a comma (typical CAs
       strongly constrain which principal names they will place in a
       certificate). This condition only applies to user-trusted CA keys in
       authorized_keys; the main certificate authentication path
       (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected.
       Reported by Vladimir Tokarev (closes: #1132576).
     - CVE-2026-35385: scp(1): when downloading files as root in legacy (-O)
       mode and without the -p (preserve modes) flag set, scp did not clear
       setuid/setgid bits from downloaded files as one might typically
       expect. This bug dates back to the original Berkeley rcp program.
       Reported by Christos Papakonstantinou of Cantina and Spearbit
       (closes: #1132572).
     - CVE-2026-35387: sshd(8): fix incomplete application of
       PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard
       to ECDSA keys. Previously, if one of these directives contained any
       ECDSA algorithm name (say "ecdsa-sha2-nistp384"), then any other
       ECDSA algorithm would be accepted in its place regardless of whether
       it was listed or not. Reported by Christos Papakonstantinou of
       Cantina and Spearbit (closes: #1132574).
     - CVE-2026-35388: ssh(1): connection multiplexing confirmation
       (requested using "ControlMaster ask/autoask") was not being tested
       for proxy mode multiplexing sessions (i.e. "ssh -O proxy ...").
       Reported by Michalis Vasileiadis (closes: #1132575).
     - ssh(1), sshd(8): support IANA-assigned codepoints for SSH agent
       forwarding, as per draft-ietf-sshm-ssh-agent. Support for the new
       names is advertised via the EXT_INFO message. If a server offers
       support for the new names, then they are used preferentially. The
       pre-standardisation "@openssh.com" extensions for agent forwarding
       remain supported.
     - ssh-agent(1): implement support for the draft-ietf-sshm-ssh-agent
       "query" extension.
     - ssh-add(1): support querying the protocol extensions via the agent
       "query" extension with a new -Q flag.
     - ssh(1): support multiple files in a ssh_config RevokedHostKeys
       directive.
     - sshd(8): support multiple files in a sshd_config RevokedKeys
       directive.
     - ssh(1): add a ~I escape option that shows information about the
       current SSH connection (closes: #321525).
     - ssh(1): add an "ssh -Oconninfo user@host" multiplexing command that
       shows connection information, similar to the ~I escape character.
     - ssh(1): add an "ssh -O channels user@host" multiplexing command to
       get a running mux process to show information about what channels
       are currently open.
     - sshd(8): add an 'invaliduser' penalty to PerSourcePenalties, which is
       applied to login attempts for usernames that do not match real
       accounts. Defaults to 5s to match 'authfail' but allows
       administrators to block such attempts for longer if desired.
     - sshd(8): add a GSSAPIDelegateCredentials option for the server,
       controlling whether it accepts delegated credentials offered by the
       client. This option mirrors the same option in ssh_config.
     - ssh(1), sshd(8): support the VA DSCP codepoint in the IPQoS
       directive.
     - sshd(8): convert PerSourcePenalties to using floating point time,
       allowing penalties to be less than a second. This is useful if you
       need to penalise things you expect to occur at >=1 QPS.
     - ssh-keygen(1): support writing ED25519 keys in PKCS8 format.
     - Support the ed25519 signature scheme via libcrypto.
     - sshd(8): make IPQoS first-match-wins in sshd_config, like other
       configuration directives.
     - sshd(8): fix potential crash when MaxStartups is set using a single
       argument (i.e. not using the MaxStartups x:y:z form) to a value
       below 10.
     - sshd(8): fix a potential hang during key exchange if needed DH group
       values were missing from /etc/moduli.
     - ssh-agent(1): fix return values from extensions to be correct with
       respect to draft-ietf-sshm-ssh-agent: extension requests should
       indicate failure using SSH_AGENT_EXTENSION_FAILURE rather than the
       generic SSH_AGENT_FAILURE error code. This allows the client to
       discern between "the request failed" and "the agent doesn't support
       this extension".
     - ssh(1): use fmprintf for showing challenge-response name and info to
       preserve UTF-8 characters where appropriate.
     - scp(1): when uploading a directory using sftp/sftp (e.g. during a
       recursive transfer), don't clobber the remote directory permissions
       unless either we created the directory during the transfer or the
       -p flag was set.
     - All: implement missing pieces of FIDO/webauthn signature support,
       mostly related to certificate handling, and enable acceptance of
       this signature format by default.
     - sshd_config(5): make it clear that DenyUsers/DenyGroups overrides
       AllowUsers/AllowGroups. Previously we specified the order in which
       the directives are processed, but it was ambiguous as to what
       happened if both matched.
     - ssh(1): don't try to match certificates held in an agent to private
       keys. This matching is done to support certificates that were loaded
       without their private key material, but is unnecessary for
       agent-hosted certificates, which always have private key material
       available in the agent. Worse, this matching would mess up the
       request sent to the agent in such a way as to break usage of these
       keys when the key usage was restricted in the agent.
     - sftp(1): if editline has been switched to vi mode (i.e. via
       "bind -v" in .editrc), set up a keybinding so that command mode can
       be entered.
     - ssh(1), sshd(8): improve performance of keying the sntrup761 key
       agreement algorithm.
     - ssh(1), sshd(8): enforce maximum packet/block limit during the
       pre-authentication phase.
     - sftp(1): don't misuse the sftp limits extension's open-handles
       field. This value is supposed to be the number of handles a server
       will allow to be opened and not a number of outstanding read/write
       requests that can be sent during an upload/download.
     - sshd(8): don't crash at connection time if the main sshd_config
       lacks any subsystem directive but one is defined in a Match block.
     - sshd_config(5): add a warning next to the ForceCommand directive
       that forcing a command doesn't automatically disable forwarding.
     - sshd_config(5): add a warning that TOKENS are replaced without
       filtering or escaping and that it's the administrator's
       responsibility to ensure they are used safely in context.
     - sshd(8): don't mess up the PerSourceNetBlockSize IPv6 mask if sscanf
       didn't decode it.
     - ssh-add(1): when loading FIDO2 resident keys, set the comment to the
       FIDO application string. This matches the behaviour of
       ssh-keygen -K.
     - sshd(8): don't strnvis() log messages that are going to be logged by
       sshd-auth via its parent sshd-session process, as the parent will
       also run them through strnvis(). Prevents double-escaping of
       non-printing characters in some log messages.
     - ssh-agent(1): escape SSH_AUTH_SOCK paths that are sent to the shell
       as setenv commands. Unbreaks ssh-agent for home directory paths that
       contain whitespace (closes: #1118288).
     - All: remove unnecessary checks for ECDSA public key validity.
     - sshd(8): activate UnusedConnectionTimeout only after the last
       channel has closed. Previously UnusedConnectionTimeout could fire
       early after a ChannelTimeout. This was not a problem for the OpenSSH
       client because it terminates once all channels have closed, but
       could cause problems for other clients (e.g. API clients) that do
       things differently.
     - scp(1): when using the SFTP protocol for transfers, fix implicit
       destination path selection when the source path ends with "..".
     - sftp(1): when tab-completing a filename, ensure that the completed
       string does not end up mid-way through a multibyte character, as
       this will cause a fatal() later on.
     - ssh-keygen(1): fix crash at exit (visible via ssh-keygen -D) when
       multiple keys are loaded.
     - scp(1)/sftp(1): correctly display bandwidths >2GBps in the progress
       meter.
     - sshd(8): fix a condition introduced in the openssh 10.2p1 stable
       branch where a PAM module that changed the requested username
       between SSH_MSG_USERAUTH_REQUEST messages during authentication
       could confuse the PAM stack and let it proceed with a different
       understanding of the active username than the rest of sshd.
       Reported by Mike Damm.
     - sshd(8): immediately report interactive instructions to clients
       when using keyboard-interactive authentication with PAM.
     - sshd(8): fix duplicate PAM messages under some situations.
     - sshd(8): don't leak the PAM handle on repeat invocations.
     - sshd(8): fix ut_type for btmp records, correctly using LOGIN_PROCESS
       and USER_PROCESS.
     - sshd(8): allow uname(3) in the seccomp sandbox. This is needed by
       zlib-ng on RISC-V platforms.
     - All: remove remaining OpenSSL_add_all_algorithms() calls. We already
       have OPENSSL_init_crypto() in the compat layer.
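CVE-2026-35414 and CVE-2026-35387 above are both list-matching defects: the comma-separated configuration value (an authorized_keys principals="" option, a PubkeyAcceptedAlgorithms list) is the only side that may be split on commas, and the value under test (one certificate principal, one full algorithm name) must then equal a whole element. The following is an added illustration in C, not OpenSSH's own code; the function names and sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if `name` equals one whole, comma-delimited element of `list`.
 * Only the configuration side (`list`) is split on commas; `name` is
 * compared literally, so a name containing a comma never matches two
 * listed names joined together. */
static int in_comma_list(const char *list, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = list;
    if (nlen == 0)
        return 0;
    for (;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == nlen && memcmp(p, name, len) == 0)
            return 1;
        if (end == NULL)
            return 0;
        p = end + 1;
    }
}

/* authorized_keys principals="..." check (hypothetical helper): accept if
 * any certificate principal is an exact element of the option's list.
 * Each certificate principal is one opaque string and is never split. */
static int cert_principals_allowed(const char *principals_opt,
                                   const char *const *cert_principals, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (in_comma_list(principals_opt, cert_principals[i]))
            return 1;
    return 0;
}

int main(void)
{
    /* constructed sample values */
    const char *const comma_cert[] = { "alice,bob" }; /* a single principal */
    const char *const plain_cert[] = { "bob" };
    const char *algs = "ecdsa-sha2-nistp384,ssh-ed25519";
    printf("%d %d\n", cert_principals_allowed("alice,bob", comma_cert, 1),
           cert_principals_allowed("alice,bob", plain_cert, 1));
    /* PubkeyAcceptedAlgorithms: only the full listed name qualifies */
    printf("%d %d\n", in_comma_list(algs, "ecdsa-sha2-nistp256"),
           in_comma_list(algs, "ecdsa-sha2-nistp384"));
    return 0;
}
```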