Red Hat Product Errata RHSA-2026:22468 - Security Advisory Issued: 2026-06-02 Updated: 2026-06-02 RHSA-2026:22468 - Security Advisory Overview Updated Packages Synopsis Important: openssh security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for openssh is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64 Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le Fixes BZ - 2454469 - CVE-2026-35385 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVEs CVE-2026-35385 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 SRPM openssh-7.4p1-23.el7_9.2.src.rpm SHA-256: b9b1d360d33add05e7e18c9e455f31a2ac2d2ede548f34a2b13b635cf58137da x86_64 openssh-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: 88263f75ff6b41a28b9e41c4e3675255bfd537643aab903bd29ac56eed53473e openssh-askpass-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: a6f65f49544487c87e674b82bdc4d5e9c23827ed3cdf53914c8a06bd795861e2 openssh-cavs-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: f9f4323757fc9a3aa911416a768e3a36b76c53ef04b01bc82a47690a9a29cd5f openssh-clients-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: f2698701fe75819fe2b629ca11636d03e30c43fc044904237d74b5e49dde5797 openssh-debuginfo-7.4p1-23.el7_9.2.i686.rpm SHA-256: 78e1eb66ca7da7716f31feb9c803d7d9eda9df988d783e97a085dd26fda2e373 openssh-debuginfo-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: ef6b07bd4979e3b1a547f833ebcba1513f1a9285d959fec1997d11b451dd046b openssh-debuginfo-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: ef6b07bd4979e3b1a547f833ebcba1513f1a9285d959fec1997d11b451dd046b openssh-keycat-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: e56898a88298046d4f7f2ce957f7f79ba11ec86b37d9799b105edc545b9bb232 openssh-ldap-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: 75590304550dbb9d45fc6e041ecf0a55a77086bb8468f19cdf4a412f1c3695f7 openssh-server-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: 9bf2f0322d04f943cdecc4cfffe3664b33d9d106d4b8f4487d86c159fa593b2f openssh-server-sysvinit-7.4p1-23.el7_9.2.x86_64.rpm SHA-256: 1e7b8db992346f8cbe659aec8cf8002a0547d0f180ac671eb65a451e619d4f73 pam_ssh_agent_auth-0.10.3-2.23.el7_9.2.i686.rpm SHA-256: ecc04533680746eb29360572342c0c132c83813817c0329691b1c6ad11e275da pam_ssh_agent_auth-0.10.3-2.23.el7_9.2.x86_64.rpm SHA-256: 60849d5ebb519a7996b2ba2fad80fb861146c528957cea54a747475104b1ea1c Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 SRPM openssh-7.4p1-23.el7_9.2.src.rpm SHA-256: b9b1d360d33add05e7e18c9e455f31a2ac2d2ede548f34a2b13b635cf58137da s390x openssh-7.4p1-23.el7_9.2.s390x.rpm SHA-256: 730ae2fc10d9419e47f20ca9a17793400c10e8c9f05c5753635a705eb7a0b633 openssh-askpass-7.4p1-23.el7_9.2.s390x.rpm SHA-256: ee15ae7bfd182be9d0622d7d63978e425e2fe99f5e71a21ab08c73058980b5fa openssh-cavs-7.4p1-23.el7_9.2.s390x.rpm SHA-256: 0cb2960f2fff46b82ceff32920b025746f13b49121fd8322e94e8f523a9bb6f4 openssh-clients-7.4p1-23.el7_9.2.s390x.rpm SHA-256: b7807da17843a96eaf57573513df3f2ed53ce3b01be0847bb1c7b915f9a8425b openssh-debuginfo-7.4p1-23.el7_9.2.s390.rpm SHA-256: 5460a225fe9be71114d289ac6b8dcf65c67dd559d8226a7e1a2e9e2e3cdbfee7 openssh-debuginfo-7.4p1-23.el7_9.2.s390x.rpm SHA-256: fe327c64b4cd160ac637c9bb980c48c1a8f32e31675f687ae109839f76783127 openssh-debuginfo-7.4p1-23.el7_9.2.s390x.rpm SHA-256: fe327c64b4cd160ac637c9bb980c48c1a8f32e31675f687ae109839f76783127 openssh-keycat-7.4p1-23.el7_9.2.s390x.rpm SHA-256: 007b8fac9106e59f2f73c39d90ae6749e5da7d5002e1c4ca9f2234e78d390675 openssh-ldap-7.4p1-23.el7_9.2.s390x.rpm SHA-256: 25aa2880344ec420fd85287f0d83d17ee318ed42bf80879bb026d25bf80e0bf8 openssh-server-7.4p1-23.el7_9.2.s390x.rpm SHA-256: 90702118bce9988b6d44fcfa89f077695be0fdbd7e1dd520ac3227581ebf657b openssh-server-sysvinit-7.4p1-23.el7_9.2.s390x.rpm SHA-256: afc04f9a0ff410800db2121a3a212904b6cca87cde324f59ac96f0bbc74db873 pam_ssh_agent_auth-0.10.3-2.23.el7_9.2.s390.rpm SHA-256: 5d57d8d1cc91ccabfc8d017bdff671917f723b3cb6742b58ce780df4f1a51f4c pam_ssh_agent_auth-0.10.3-2.23.el7_9.2.s390x.rpm SHA-256: 52bc76b813d06e2b08db53ff96a644e5eebf5a3893a3491957a7f5da7f4c3318 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 SRPM openssh-7.4p1-23.el7_9.2.src.rpm SHA-256: b9b1d360d33add05e7e18c9e455f31a2ac2d2ede548f34a2b13b635cf58137da ppc64 openssh-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: f753ae85a226a1821d4f5f15911082823949d7f8770f77a560bd23a1c6e71308 openssh-askpass-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: 3e546e554d1981c2f7e03c57a1df4d0be9e13c54ff944d254404f9b7eea0872a openssh-cavs-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: 9763ebae24b56eed073970a79e40f4884dc24d2bc81702fd3193ff368cfd4393 openssh-clients-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: b30d85f84325099235d250936ca6b3af63eb92deb320c52d1f1cf48039fc4ef8 openssh-debuginfo-7.4p1-23.el7_9.2.ppc.rpm SHA-256: 75201d21d521b7b41c3769884c14f5c207d5121777765bf569ca666c09e9133e openssh-debuginfo-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: 268bf490b166c073b1826e2b7b3dcd0c553390e2214b797f87ac426216e5d054 openssh-debuginfo-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: 268bf490b166c073b1826e2b7b3dcd0c553390e2214b797f87ac426216e5d054 openssh-keycat-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: a2e76bb9e07e216bde0b5e5cb86896ebeaa39fbb8e3d7f18b953a6972f18ef4a openssh-ldap-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: 925010759f315c1c4f3ab23ba8f81cf5c6349c57460668c723d88d60d7291c14 openssh-server-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: 049dad3b919ff68b3c5a371ba3bc894dc175349e9a3d07dbad6c29eb7e632fcb openssh-server-sysvinit-7.4p1-23.el7_9.2.ppc64.rpm SHA-256: 249c2a2f78d678f440bcee948663e49c1f91fb3b10a1aab56f72be0f0677404c pam_ssh_agent_auth-0.10.3-2.23.el7_9.2.ppc.rpm SHA-256: 1d0a7e6672b0a23c1c293011bf8371ad0b9826449c673a044cc7114e7f7a0776 pam_ssh_agent_auth-0.10.3-2.23.el7_9.2.ppc64.rpm SHA-256: 1718161fe5f35db01a0b4c4b2af37fadb48cbaf63b7d9b30a742af05b76885c7 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 SRPM openssh-7.4p1-23.el7_9.2.src.rpm SHA-256: b9b1d360d33add05e7e18c9e455f31a2ac2d2ede548f34a2b13b635cf58137da ppc64le openssh-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: c8080be50c85bca4fdde9da74c80f1b0c487ec395fe4f7ffe9e4f8f941f22dca openssh-askpass-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 53ec0c63305b920c7cacc576fbeb72d3ae837355c60a9ef7ff766428001bf2eb openssh-cavs-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 55a8b74916e6f9727723c65d393e3e84b5eb41c78c58e3f9ad82a29a22ea0ee4 openssh-clients-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 3c229accec383e2d06d22e8ba4751d46698897636792c62e253626c2280beabd openssh-debuginfo-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 4e79d514e261b9d92b0a3f3a7b52d8db49eebbc2f405d9a68c08d514a34b178a openssh-debuginfo-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 4e79d514e261b9d92b0a3f3a7b52d8db49eebbc2f405d9a68c08d514a34b178a openssh-keycat-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 9ed1c1d22f947d3473a62a97add5469dc3701b76a06f99fa244e39b4aa7b4b65 openssh-ldap-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 6d9c96bc3c6322bc5b6ee4e1bbd2143173284416d49747abafa86997a462da49 openssh-server-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 2304bbd233fb14ea104338f57bbfed159ff5cc2424318faa62c57de682fdad2f openssh-server-sysvinit-7.4p1-23.el7_9.2.ppc64le.rpm SHA-256: 715288c564aa0f439bfe6822ad51111a58eeb81321c7c5bf22e0a0f130454f2a pam_ssh_agent_auth-0.10.3-2.23.el7_9.2.ppc64le.rpm SHA-256: 823b30391ed12fff66122fe17ab5f6e299c32b234a30bb512ed6fc554c3cec7a The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .