ELSA-2025-23480

Опубликовано: 18 дек. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-23480: openssh security update (MODERATE)

[8.7p1-47.0.1]

Upstream references found with /usr/bin/ssh [Orabug: 37814929]
upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand [Orabug: 37647064]
Update upstream references [Orabug: 36564626]

[8.7p1-47]

CVE-2025-61984: Reject usernames with control characters Resolves: RHEL-128401
CVE-2025-61985: Reject URL-strings with NULL characters Resolves: RHEL-128392

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

openssh

8.7p1-47.0.1.el9_7

openssh-askpass

8.7p1-47.0.1.el9_7

openssh-clients

8.7p1-47.0.1.el9_7

openssh-keycat

8.7p1-47.0.1.el9_7

openssh-server

8.7p1-47.0.1.el9_7

pam_ssh_agent_auth

0.10.4-5.47.0.1.el9_7

Oracle Linux x86_64

openssh

8.7p1-47.0.1.el9_7

openssh-askpass

8.7p1-47.0.1.el9_7

openssh-clients

8.7p1-47.0.1.el9_7

openssh-keycat

8.7p1-47.0.1.el9_7

openssh-server

8.7p1-47.0.1.el9_7

pam_ssh_agent_auth

0.10.4-5.47.0.1.el9_7

Связанные CVE

CVE-2025-61984

CVE-2025-61985

Ссылки на источники

Связанные уязвимости

openSUSE-SU-2025:20122-1

suse-cvrf

около 2 месяцев назад

Security update for openssh

SUSE-SU-2025:4112-1

suse-cvrf

2 месяца назад

Security update for openssh

SUSE-SU-2025:4098-1

suse-cvrf

2 месяца назад

Security update for openssh8.4

SUSE-SU-2025:4067-1

suse-cvrf

2 месяца назад

Security update for openssh

RLSA-2025:23481

rocky

29 дней назад

Moderate: openssh security update