Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
OpenSSH 10.4 Enhances Security with Key Updates

OpenSSH 10.4 Enhances Security with Key Updates

Posted on July 6, 2026 By CWS

OpenSSH 10.4, released on July 6, 2026, introduces a series of critical security improvements and new features. The update is available for download via the official OpenSSH mirrors and aims to enhance the robustness of secure shell communications.

Security Enhancements in OpenSSH 10.4

This latest version addresses numerous vulnerabilities that were found in the core utilities. A significant fix in sftp(1) prevents malicious servers from redirecting files to unintended locations during operations. Similarly, scp(1) now includes corrections to stop unauthorized servers from writing files outside the designated directory during remote transfers.

Additional security repairs were applied to sshd(8) that deal with a bug causing silent data truncation in ‘internal-sftp’, which could compromise security options. Moreover, improvements have been made to enforce authentication delays, resolving issues previously identified by the Orange Cyberdefense Vulnerability Team.

Protocol and Feature Updates

OpenSSH 10.4 also introduces changes that enhance the security framework. For instance, the transport protocol now automatically disconnects peers sending non-KEX messages during key re-exchanges, mitigating potential memory exhaustion attacks. On Linux systems, failures in seccomp sandboxing are now fatal, requiring explicit disabling if kernel support is absent.

Furthermore, the sshd -G configuration mode now outputs in a mixed-case format, which may affect automated scripts. The update also debuts experimental post-quantum signature support combining ML-DSA 44 and Ed25519, although this feature is not activated by default.

Additional Improvements and Bug Fixes

The release includes a new NFA-based wildcard pattern matcher for ssh(1) and sshd(8), which resolves previous performance issues. Numerous bug fixes have been implemented, such as enhanced FIDO token key handling, and improved security in cryptographic operations.

Portability updates ensure synchronization with OpenBSD for specific files and resolve multiple memory leaks. These improvements contribute to the stability and security of the software.

Source packages for OpenSSH 10.4 can be downloaded and verified using provided SHA1 and SHA256 checksums, ensuring their integrity and authenticity.

Cyber Security News Tags:Cryptography, Cybersecurity, IT security, Linux, OpenSSH, post-quantum cryptography, protocol updates, security updates, software release, SSH, vulnerability fixes

Post navigation

Previous Post: Enhancing Risk Management with Business Alignment
Next Post: Critical Gitea Docker Flaw CVE-2026-20896 Under Attack

Related Posts

Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS Cyber Security News
WhatsApp Users Targeted by Spyware in Italy WhatsApp Users Targeted by Spyware in Italy Cyber Security News
DigiCert Breach Exposes EV Code Signing Vulnerabilities DigiCert Breach Exposes EV Code Signing Vulnerabilities Cyber Security News
New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials Cyber Security News
Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users Cyber Security News
Hackers Leverage Compromised Third-Party SonicWall SSL VPN Credentials to Deploy Sinobi Ransomware Hackers Leverage Compromised Third-Party SonicWall SSL VPN Credentials to Deploy Sinobi Ransomware Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show
  • Critical Flaw in AI Platform Writer Poses Security Risks
  • MCP Servers Found with Thousands of Security Flaws

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show
  • Critical Flaw in AI Platform Writer Poses Security Risks
  • MCP Servers Found with Thousands of Security Flaws

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark