OpenSSH 10.3 addresses two security issues:

1. A flaw in ssh(1) where delayed validation of shell metacharacters in command-line usernames could allow arbitrary command execution if untrusted input is exposed.
2. An incorrect algorithm in sshd(8) for matching certificate principals containing commas, potentially enabling inappropriate authentication if a CA issues certificates with comma-separated principals.

| Vendor | Product | Versions |
|---|---|---|
| openssh | openssh | < 10.3 |
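
For issue (2), a CA operator can inventory issued certificates for principals that contain a comma. The following is an added example, not OpenSSH code: it reads the principals field from a `*-cert.pub` line using the certificate layout in OpenSSH's PROTOCOL.certkeys. The function names are hypothetical, and the sample certificate is constructed, unsigned and cut off after the principals field.

```python
import base64
import struct

# Key-specific fields between the nonce and the serial, per PROTOCOL.certkeys.
KEY_FIELDS = {"ssh-ed25519-cert-v01@openssh.com": 1, "ssh-rsa-cert-v01@openssh.com": 2}
KEY_FIELDS.update({f"ecdsa-sha2-nistp{n}-cert-v01@openssh.com": 2 for n in (256, 384, 521)})

def pack(data):  # SSH string encoding: uint32 length, then the bytes
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH string at off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def cert_principals(pub_line):
    """Return the principals in one line of a *-cert.pub file."""
    blob = base64.b64decode(pub_line.split()[1], validate=True)
    ktype, off = read_string(blob, 0)
    skip = KEY_FIELDS.get(ktype.decode("ascii", "replace"))
    if skip is None:
        raise ValueError("unsupported certificate type")
    for _ in range(1 + skip):            # nonce, then the public key fields
        _, off = read_string(blob, off)
    off += 8 + 4                         # serial (uint64), cert type (uint32)
    _, off = read_string(blob, off)      # key id
    packed, _ = read_string(blob, off)   # valid principals: packed strings
    names, pos = [], 0
    while pos < len(packed):
        name, pos = read_string(packed, pos)
        names.append(name.decode("utf-8", "replace"))
    return names

def comma_principals(pub_line):  # principals to review before and after upgrading
    return [p for p in cert_principals(pub_line) if "," in p]

def constructed_cert(principals):
    """Constructed sample input: unsigned, ends after the principals field."""
    t = b"ssh-ed25519-cert-v01@openssh.com"
    body = pack(t) + pack(b"\0" * 32) * 2 + struct.pack(">QI", 1, 1)
    body += pack(b"sample-key-id") + pack(b"".join(pack(p.encode()) for p in principals))
    return t.decode() + " " + base64.b64encode(body).decode() + " constructed"

if __name__ == "__main__":
    print(comma_principals(constructed_cert(["alice", "deploy,root"])))
```

Run `comma_principals` over each line of the CA's issued-certificate archive; any non-empty result identifies a certificate whose principals warrant review.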