-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 14 May 2026 10:00:19 +0100
Source: openssh
Architecture: source
Version: 1:10.3p1-1~bpo13+1
Distribution: trixie-backports
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 321525 1118288 1132572 1132573 1132574 1132575 1132576
Changes:
 openssh (1:10.3p1-1~bpo13+1) trixie-backports; urgency=medium
 .
   * Rebuild for trixie-backports.
 .
 openssh (1:10.3p1-1) unstable; urgency=medium
 .
   * New upstream release:
     - ssh(1): validation of shell metacharacters in user names supplied on
       the command-line was performed too late to prevent some situations
       where they could be expanded from %-tokens in ssh_config. For certain
       configurations, such as those that use a "%u" token in a "Match exec"
       block, an attacker who can control the user name passed to ssh(1)
       could potentially execute arbitrary shell commands. Reported by
       Florian Kohnhäuser (closes: #1132573). We continue to recommend
       against directly exposing ssh(1) and other tools' command-lines to
       untrusted input. Mitigations such as this cannot be absolute given
       the variety of shells and user configurations in use.
     - CVE-2026-35414: sshd(8): when matching an authorized_keys
       principals="" option against a list of principals in a certificate,
       an incorrect algorithm was used that could allow inappropriate
       matching in cases where a principal name in the certificate contains
       a comma character. Exploitation of the condition requires an
       authorized_keys principals="" option that lists more than one
       principal *and* a CA that will issue a certificate that encodes more
       than one of these principal names separated by a comma (typical CAs
       strongly constrain which principal names they will place in a
       certificate). This condition only applies to user-trusted CA keys in
       authorized_keys; the main certificate authentication path
       (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected.
       Reported by Vladimir Tokarev (closes: #1132576).
     - CVE-2026-35385: scp(1): when downloading files as root in legacy (-O)
       mode and without the -p (preserve modes) flag set, scp did not clear
       setuid/setgid bits from downloaded files as one might typically
       expect. This bug dates back to the original Berkeley rcp program.
       Reported by Christos Papakonstantinou of Cantina and Spearbit
       (closes: #1132572).
     - CVE-2026-35387: sshd(8): fix incomplete application of
       PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard
       to ECDSA keys. Previously if one of these directives contains any
       ECDSA algorithm name (say "ecdsa-sha2-nistp384"), then any other
       ECDSA algorithm would be accepted in its place regardless of whether
       it was listed or not. Reported by Christos Papakonstantinou of
       Cantina and Spearbit (closes: #1132574).
     - CVE-2026-35388: ssh(1): connection multiplexing confirmation
       (requested using "ControlMaster ask/autoask") was not being tested
       for proxy mode multiplexing sessions (i.e. "ssh -O proxy ...").
       Reported by Michalis Vasileiadis (closes: #1132575).
     - ssh(1), sshd(8): support IANA-assigned codepoints for SSH agent
       forwarding, as per draft-ietf-sshm-ssh-agent. Support for the new
       names is advertised via the EXT_INFO message. If a server offers
       support for the new names, then they are used preferentially.
       Support for the pre-standardisation "@openssh.com" extensions for
       agent forwarding remains supported.
     - ssh-agent(1): implement support for draft-ietf-sshm-ssh-agent
       "query" extension.
     - ssh-add(1): support querying the protocol extensions via the agent
       "query" extension with a new -Q flag.
     - ssh(1): support multiple files in a ssh_config RevokedHostKeys
       directive.
     - sshd(8): support multiple files in a sshd_config RevokedKeys
       directive.
     - ssh(1): add a ~I escape option that shows information about the
       current SSH connection (closes: #321525).
     - ssh(1): add an "ssh -Oconninfo user@host" multiplexing command that
       shows connection information, similar to the ~I escapechar.
     - ssh(1): add an "ssh -O channels user@host" multiplexing command to
       get a running mux process to show information about what channels
       are currently open.
     - sshd(8): add 'invaliduser' penalty to PerSourcePenalties, which is
       applied to login attempts for usernames that do not match real
       accounts. Defaults to 5s to match 'authfail' but allows
       administrators to block such attempts for longer if desired.
     - sshd(8): add a GSSAPIDelegateCredentials option for the server,
       controlling whether it accepts delegated credentials offered by the
       client. This option mirrors the same option in ssh_config.
     - ssh(1), sshd(8): support the VA DSCP codepoint in the IPQoS
       directive.
     - sshd(8): convert PerSourcePenalties to using floating point time,
       allowing penalties to be less than a second. This is useful if you
       need to penalise things you expect to occur at >=1 QPS.
     - ssh-keygen(1): support writing ED25519 keys in PKCS8 format.
     - Support the ed25519 signature scheme via libcrypto.
     - sshd(8): make IPQoS first-match-wins in sshd_config, like other
       configuration directives.
     - sshd(8): fix potential crash when MaxStartups is using a single
       argument (i.e. not using the MaxStartups x:y:z form) to a value
       below 10.
     - sshd(8): fix a potential hang during key exchange if needed DH group
       values were missing from /etc/moduli.
     - ssh-agent(1): fix return values from extensions to be correct wrt
       draft-ietf-sshm-ssh-agent: extension requests should indicate
       failure using SSH_AGENT_EXTENSION_FAILURE rather than the generic
       SSH_AGENT_FAILURE error code. This allows the client to discern
       between "the request failed" and "the agent doesn't support this
       extension".
     - ssh(1): use fmprintf for showing challenge-response name and info to
       preserve UTF-8 characters where appropriate.
     - scp(1): when uploading a directory using sftp/sftp (e.g. during a
       recursive transfer), don't clobber the remote directory permissions
       unless either we created the directory during the transfer or the
       -p flag was set.
     - All: implement missing pieces of FIDO/webauthn signature support,
       mostly related to certificate handling and enable acceptance of
       this signature format by default.
     - sshd_config(5): make it clear that DenyUsers/DenyGroups overrides
       AllowUsers/AllowGroups. Previously we specified the order in which
       the directives are processed but it was ambiguous as to what
       happened if both matched.
     - ssh(1): don't try to match certificates held in an agent to private
       keys. This matching is done to support certificates that were loaded
       without their private key material, but is unnecessary for
       agent-hosted certificates, which always have private key material
       available in the agent. Worse, this matching would mess up the
       request sent to the agent in such a way as to break usage of these
       keys when the key usage was restricted in the agent.
     - sftp(1): if editline has been switched to vi mode (i.e. via
       "bind -v" in .editrc), set up a keybinding so that command mode can
       be entered.
     - ssh(1), sshd(8): improve performance of keying the sntrup761 key
       agreement algorithm.
     - ssh(1), sshd(8): enforce maximum packet/block limit during
       pre-authentication phase.
     - sftp(1): don't misuse the sftp limits extension's open-handles
       field. This value is supposed to be the number of handles a server
       will allow to be opened and not a number of outstanding read/write
       requests that can be sent during an upload/download.
     - sshd(8): don't crash at connection time if the main sshd_config
       lacks any subsystem directive but one is defined in a Match block.
     - sshd_config(5): add a warning next to the ForceCommand directive
       that forcing a command doesn't automatically disable forwarding.
     - sshd_config(5): add a warning that TOKENS are replaced without
       filtering or escaping and that it's the administrator's
       responsibility to ensure they are used safely in context.
     - sshd(8): don't mess up the PerSourceNetBlockSize IPv6 mask if sscanf
       didn't decode it.
     - ssh-add(1): when loading FIDO2 resident keys, set the comment to the
       FIDO application string. This matches the behaviour of
       ssh-keygen -K.
     - sshd(8): don't strnvis() log messages that are going to be logged by
       sshd-auth via its parent sshd-session process, as the parent will
       also run them through strnvis(). Prevents double-escaping of
       non-printing characters in some log messages.
     - ssh-agent(1): escape SSH_AUTH_SOCK paths that are sent to the shell
       as setenv commands. Unbreaks ssh-agent for home directory paths that
       contain whitespace (closes: #1118288).
     - All: Remove unnecessary checks for ECDSA public key validity.
     - sshd(8): activate UnusedConnectionTimeout only after the last
       channel has closed. Previously UnusedConnectionTimeout could fire
       early after a ChannelTimeout. This was not a problem for the OpenSSH
       client because it terminates once all channels have closed but
       could cause problems for other clients (e.g. API clients) that do
       things differently.
     - scp(1): when using the SFTP protocol for transfers, fix implicit
       destination path selection when source path ends with "..".
     - sftp(1): when tab-completing a filename, ensure that the completed
       string does not end up mid-way through a multibyte character, as
       this will cause a fatal() later on.
     - ssh-keygen(1): fix crash at exit (visible via ssh-keygen -D) when
       multiple keys loaded.
     - scp(1)/sftp(1): correctly display bandwidths >2GBps in the progress
       meter.
     - sshd(8): fix condition introduced in openssh 10.2p1 stable branch
       where a PAM module that changed the requested username between
       SSH_MSG_USERAUTH_REQUEST messages during authentication could
       confuse the PAM stack and let it proceed with a different
       understanding of the active username than the rest of sshd.
       Reported by Mike Damm.
     - sshd(8): immediately report interactive instructions to clients when
       using keyboard-interactive authentication with PAM.
     - sshd(8): fix duplicate PAM messages under some situations.
     - sshd(8): don't leak PAM handle on repeat invocations.
     - sshd(8): fix ut_type for btmp records, correctly using LOGIN_PROCESS
       and USER_PROCESS.
     - sshd(8): allow uname(3) in the seccomp sandbox. This is needed by
       zlib-ng on RISC-V platforms.
     - All: remove remaining OpenSSL_add_all_algorithms() calls. We already
       have OPENSSL_init_crypto() in the compat layer.
Checksums-Sha1:
 7168613bba5d4072d3883fbc5c415affd84bfe83 3623 openssh_10.3p1-1~bpo13+1.dsc
 b4e20fc4c756f697de2ed80e2394413a06eedc2f 202544 openssh_10.3p1-1~bpo13+1.debian.tar.xz
Checksums-Sha256:
 70895e6c01a101f50e6c3e88a993ae50192f482c6bf0c439c1b4d3a961e27484 3623 openssh_10.3p1-1~bpo13+1.dsc
 709e7c358fd110c7ef0d77589a99aa020eda02e78798f8ca444a96cfc6b7342e 202544 openssh_10.3p1-1~bpo13+1.debian.tar.xz
Files:
 b9b59548664ae17a645f3602c761184a 3623 net standard openssh_10.3p1-1~bpo13+1.dsc
 85e5b0f01e99eb2796a818821a1194f3 202544 net standard openssh_10.3p1-1~bpo13+1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmoFkHUACgkQOTWH2X2G
UAtPfA/9GDfKD14vM/b461RZNijxZBsuGDOseNFn2ZYaO8sHnf3H5OIyCyhjX3W3
hdkDDRhg1S16i3YD3HLciTXZFqWwaIKs7lLag/ZLpXoGkCD/5lhgPLbRzxdrx5Tm
4QX5Dj3whwfgkEheL09XAISFN64HnXDPl3kwrZm2UE5/Y1h0BJU6EPD6MiKmiCaU
AHME+tkyDyQBsZ6b2eHQb0UfIa+SsMSyTcX1iyIC0lM9ux3UiEteuzydTjmnBP0o
21/yZlr2X0mvxxwR3saN8+8WnFDCbiFE10SxpmHLbvkRO4WUq2aFwPqy9A2edL4v
qwTnqEYsQahSq1ai9uto3/IiqRXev/bhjh0I2TQZkC0xX/fY73HToUB7pNvReNqL
JjT8BdL/ZY+d+ee+HbAXZOSvMFsEnxRE4xt4KhisA6wd1bj1GNHRqO9ouk2Q3QP4
h1bVRJqLvRuxnRDbiAUMPPu+sMg2HI6v3i2izF+k3bx2+/DCOvjC8CBM9D5IllRc
47Xmm1j6pIC/9j1W92fcD8uOMHcas9zmbCje/+0CyCN+mBBoc+ZtJ7E5QQYypIix
cbYnOp5GtamG14wbEAOdTsr6eAvbgzP491PECCLrTJpjCEL5IRMLj39qjiyIo8OW
ar4S2osFFgboascyeHHOLJxsi0AbPOxDnxCXygxfDy6jsTm7Iho=
=0nDV
-----END PGP SIGNATURE-----
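The CVE-2026-35414 entry above turns on how a comma inside a certificate principal name is handled when it is compared against a `principals="..."` option in authorized_keys. The following is an added example written for this page, not OpenSSH's code: it parses the options field of an authorized_keys line (quoted values may contain commas), applies whole-string comparison of each certificate principal against the allowed list, and, for contrast, includes a constructed naive matcher that flattens the certificate's principal list with commas and re-splits it. The naive matcher illustrates the failure class the changelog describes; the page does not say what the incorrect algorithm in sshd actually did. The certificate principals are assumed to arrive already decoded, one list element per principal.

```python
"""Whole-string principal matching for cert-authority lines (added example).

Assumptions: simplified authorized_keys option parsing; cert_principals is
the certificate's principal list as decoded from the certificate, one
element per principal. None of this is OpenSSH's own code.
"""


def parse_authorized_keys_options(options: str) -> dict:
    """Split an authorized_keys options field on commas outside double quotes.

    A quoted value may itself contain commas, e.g. principals="alice,bob",
    and a backslash escapes the next character inside quotes. Returns a
    mapping of option name to its unquoted value (None for flag options).
    """
    items, buf, in_quote, i = [], [], False, 0
    while i < len(options):
        c = options[i]
        if in_quote and c == "\\" and i + 1 < len(options):
            buf.append(options[i + 1])
            i += 2
            continue
        if c == '"':
            in_quote = not in_quote
        elif c == "," and not in_quote:
            items.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    if buf:
        items.append("".join(buf))
    parsed = {}
    for item in items:
        name, sep, value = item.partition("=")
        parsed[name] = value if sep else None
    return parsed


def principals_option_matches(allowed: list, cert_principals: list) -> bool:
    """Correct check: each certificate principal is compared as one string.

    The certificate principal "alice,bob" is a different name from "alice"
    and from "bob", so it matches neither of them.
    """
    allowed_set = set(allowed)
    return any(p in allowed_set for p in cert_principals)


def naive_principals_match(allowed: list, cert_principals: list) -> bool:
    """Constructed illustration of the failure class, not OpenSSH's old code.

    Flattening the certificate's principal list to a comma-separated string
    and re-splitting it loses the boundary of a principal that itself
    contains a comma, so "alice,bob" is treated as two allowed names.
    """
    flattened = ",".join(cert_principals)
    return any(p in allowed for p in flattened.split(","))


def authorized_keys_line_accepts(options: str, cert_principals: list,
                                 login_user: str) -> bool:
    """Decide whether a cert-authority line accepts a certificate.

    With a principals="..." option, at least one listed name must equal one
    of the certificate's principals. Without it, the certificate must carry
    the login user name as a principal (the sshd(8) rule for such lines).
    """
    opts = parse_authorized_keys_options(options)
    if "cert-authority" not in opts:
        return False  # plain key line: certificates are not accepted via it
    if opts.get("principals") is not None:
        allowed = [p for p in opts["principals"].split(",") if p]
        return principals_option_matches(allowed, cert_principals)
    return login_user in cert_principals


if __name__ == "__main__":
    # Constructed sample line and certificate principal lists.
    line = 'cert-authority,principals="alice,bob",no-pty'
    print(authorized_keys_line_accepts(line, ["alice"], "svc"))      # True
    print(authorized_keys_line_accepts(line, ["alice,bob"], "svc"))  # False
    print(naive_principals_match(["alice", "bob"], ["alice,bob"]))   # True
```

The defender-side takeaway is the one the changelog gives: the risk needs both a multi-name `principals=` option and a CA willing to sign a principal that contains a comma, so constraining what the CA will issue closes the condition from the other side as well.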
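The CVE-2026-35387 entry above describes PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms accepting any ECDSA algorithm once one ECDSA name was listed. As an added example (not OpenSSH's code), the block below expands a directive value using the `+`, `-` and `^` prefixes and wildcard patterns that sshd_config(5) documents for these directives, then checks a signature algorithm name against the effective list by exact name or pattern. A constructed family-based check is included for contrast; it reproduces the observable effect the changelog describes and is not a claim about how the old sshd code was written. DEFAULT_ALGORITHMS is a constructed sample, not sshd's real default list.

```python
"""Exact algorithm-name matching for *AcceptedAlgorithms (added example).

Assumptions: DEFAULT_ALGORITHMS is a constructed sample list, not sshd(8)'s
actual default; the same parsing rules apply to PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms. None of this is OpenSSH's own code.
"""
import fnmatch

DEFAULT_ALGORITHMS = [
    "ssh-ed25519",
    "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521",
    "rsa-sha2-512",
    "rsa-sha2-256",
]


def parse_accepted_algorithms(value: str, default=DEFAULT_ALGORITHMS) -> list:
    """Expand a *AcceptedAlgorithms directive value into the effective list.

    Per sshd_config(5): a leading '+' appends the names to the default list,
    '-' removes matching names from it, '^' places the names at the head,
    and a bare list replaces the default. Entries may be wildcard patterns.
    """
    prefix = value[:1] if value[:1] in ("+", "-", "^") else ""
    patterns = [n for n in value[len(prefix):].split(",") if n]
    if prefix == "+":
        return list(default) + [p for p in patterns if p not in default]
    if prefix == "-":
        return [a for a in default
                if not any(fnmatch.fnmatchcase(a, p) for p in patterns)]
    if prefix == "^":
        return patterns + [a for a in default if a not in patterns]
    return patterns


def algorithm_accepted(accepted: list, signature_alg: str) -> bool:
    """Correct check: the signature algorithm name itself must match a listed
    name or pattern. Listing ecdsa-sha2-nistp384 says nothing about nistp256."""
    return any(fnmatch.fnmatchcase(signature_alg, pat) for pat in accepted)


def key_family(alg: str) -> str:
    """Collapse an algorithm name or pattern to its key family."""
    base = alg.replace("-cert-v01@openssh.com", "")
    if base.startswith("ecdsa-sha2-"):
        return "ecdsa"
    if base.startswith("ssh-ed25519"):
        return "ed25519"
    if base.startswith(("ssh-rsa", "rsa-sha2-")):
        return "rsa"
    return base


def family_accepted(accepted: list, signature_alg: str) -> bool:
    """Constructed contrast, not OpenSSH's old code: accept any algorithm
    whose key family has at least one member listed. This is the observable
    effect the changelog describes for ECDSA, written out so the difference
    from exact matching is visible."""
    fam = key_family(signature_alg)
    return any(key_family(a) == fam for a in accepted)


if __name__ == "__main__":
    # Constructed directive value: only nistp384 and ed25519 are listed.
    accepted = parse_accepted_algorithms("ecdsa-sha2-nistp384,ssh-ed25519")
    print(algorithm_accepted(accepted, "ecdsa-sha2-nistp384"))  # True
    print(algorithm_accepted(accepted, "ecdsa-sha2-nistp256"))  # False
    print(family_accepted(accepted, "ecdsa-sha2-nistp256"))     # True
```

When auditing an sshd_config that restricts these directives, the effective list after prefix expansion is what matters, so the check is written against that list rather than the raw directive string.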