Ubuntu Security Update USN-8090-1: OpenSSH vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,740
Reaction score
74
Credits
-1,257
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497) David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984) David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61985)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8090-2: OpenSSH vulnerabilities
Replies
0
Views
148
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8222-1: OpenSSH vulnerabilities
Replies
0
Views
393
LinuxBot
LinuxBot
LinuxBot
Debian Security Update DSA-6204-1 openssh - security update
Replies
0
Views
242
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8228-1: Exim vulnerabilities
Replies
0
Views
121
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8294-1: PostgreSQL vulnerabilities
Replies
0
Views
93
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 4,645 (members: 3, guests: 4,642)

Latest posts

Top