[El-errata] ELSA-2026-13383 Important: Oracle Linux 8 openssh security update

[Errata Announcements for Oracle Linux]

Oracle Linux Security Advisory ELSA-2026-13383

http://linux.oracle.com/errata/ELSA-2026-13383.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
openssh-8.0p1-29.0.1.el8_10.x86_64.rpm
openssh-askpass-8.0p1-29.0.1.el8_10.x86_64.rpm
openssh-cavs-8.0p1-29.0.1.el8_10.x86_64.rpm
openssh-clients-8.0p1-29.0.1.el8_10.x86_64.rpm
openssh-keycat-8.0p1-29.0.1.el8_10.x86_64.rpm
openssh-ldap-8.0p1-29.0.1.el8_10.x86_64.rpm
openssh-server-8.0p1-29.0.1.el8_10.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.29.0.1.el8_10.x86_64.rpm

aarch64:
openssh-8.0p1-29.0.1.el8_10.aarch64.rpm
openssh-askpass-8.0p1-29.0.1.el8_10.aarch64.rpm
openssh-cavs-8.0p1-29.0.1.el8_10.aarch64.rpm
openssh-clients-8.0p1-29.0.1.el8_10.aarch64.rpm
openssh-keycat-8.0p1-29.0.1.el8_10.aarch64.rpm
openssh-ldap-8.0p1-29.0.1.el8_10.aarch64.rpm
openssh-server-8.0p1-29.0.1.el8_10.aarch64.rpm
pam_ssh_agent_auth-0.10.3-7.29.0.1.el8_10.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/openssh-8.0p1-29.0.1.el8_10.src.rpm

Related CVEs:

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388
CVE-2026-35414




Description of changes:

[8.0p1-29.0.1]
- Update upstream references [Orabug: 36587718]

[8.0p1-29]
- CVE-2026-35385: Fix privilege escalation via scp legacy protocol
  when not in preserving file mode
  Resolves: RHEL-164743
- CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode
  multiplexing sessions
  Resolves: RHEL-166240
- CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms
  and HostbasedAcceptedAlgorithms with regard to ECDSA keys
  Resolves: RHEL-166224
- CVE-2026-35414: Fix mishandling of authorized_keys principals option
  Resolves: RHEL-166192
- CVE-2026-35386: Add validation rules to usernames and hostnames
  set for ProxyJump/-J on the commandline
  Resolves: RHEL-166208