SB2026051833 - SUSE update for openssh
Published: May 18, 2026
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper privilege management (CVE-ID: CVE-2026-35385)
The vulnerability allows a local privileged user to create files with unintended setuid or setgid bits.
The vulnerability exists due to improper privilege management in scp(1) when downloading files in legacy (-O) mode as root without the -p flag set. A local privileged user can download a file with crafted mode bits to create files with unintended setuid or setgid bits.
The issue occurs only in legacy mode and only when files are downloaded as root without preserving modes.
2) Improper access control (CVE-ID: CVE-2026-35414)
The vulnerability allows a remote user to bypass principal restrictions in certificate-based authentication.
The vulnerability exists due to improper access control in sshd(8) when matching an authorized_keys principals="" option against a list of principals in a certificate. A remote user can present a specially crafted certificate to bypass principal restrictions in certificate-based authentication.
This condition only affects user-trusted CA keys in authorized_keys and requires multiple principals to be listed, including a certificate principal containing a comma character.
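The second condition above depends on user-trusted CA keys in authorized_keys that list more than one principal. The following audit script, added here as an example rather than taken from the bulletin, from SUSE or from OpenSSH, walks an authorized_keys file and reports every cert-authority entry whose principals= option lists several principals, so an administrator can see which entries fall under the described condition before the update is applied. The sample file content and key blobs are constructed placeholders.

```python
from typing import Callable, List, Tuple

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options field

# Constructed sample authorized_keys content for this example; the key blobs are placeholders.
SAMPLE_AUTHORIZED_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY1 user@host
# user-trusted CA key restricted to one principal: outside the described condition
cert-authority,principals="alice" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY2 ca1
# user-trusted CA key listing several principals: the condition the bulletin describes
cert-authority,principals="alice,bob,deploy" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY3 ca2
"""

def _split_outside_quotes(text: str, is_sep: Callable[[str], bool]) -> List[str]:
    """Split text at separator characters that are not inside double quotes."""
    parts, cur, in_quote = [], [], False
    for ch in text:
        if ch == '"':
            in_quote = not in_quote
        if not in_quote and is_sep(ch):
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def split_options(options: str) -> List[str]:
    """Split an authorized_keys options field on commas, keeping quoted values intact."""
    return [p for p in _split_outside_quotes(options, lambda c: c == ",") if p]

def find_multi_principal_ca_entries(text: str) -> List[Tuple[int, List[str]]]:
    """Return (line number, principals) for cert-authority entries that list more than one principal."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        first = _split_outside_quotes(line, str.isspace)[0]
        if first.startswith(KEY_TYPE_PREFIXES):
            continue  # plain key without options: cannot carry cert-authority
        opts = split_options(first)
        if "cert-authority" not in opts:
            continue
        for opt in opts:
            if opt.startswith("principals="):
                principals = [p for p in opt[len("principals="):].strip('"').split(",") if p]
                if len(principals) > 1:
                    findings.append((lineno, principals))
    return findings
```

Whether a presented certificate actually carries a comma inside a principal is visible with `ssh-keygen -L -f <certificate>`; the script only identifies the entries that meet the authorized_keys side of the condition.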
Remediation
Install the update from the vendor's website.