Description
ELSA-2025-6993: openssh security update (MODERATE)
[8.7p1-45.0.2]
- Upstream references found with /usr/bin/ssh [Orabug: 37814929]
[8.7p1-45.0.1]
- upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand [Orabug: 37647064]
- Update upstream references [Orabug: 36564626]
[8.7p1-45]
- Fix missing error codes set and invalid error code checks in OpenSSH. It prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS is on (CVE-2025-26465). Resolves: RHEL-78700
[8.7p1-44]
- Add extra help information on ssh early failure Resolves: RHEL-33809
- Provide details on crypto error instead of 'error in libcrypto' Resolves: RHEL-52293
- Allow duplicate Subsystem directive Resolves: RHEL-47112
Updated packages
Oracle Linux 9
Oracle Linux aarch64
openssh 8.7p1-45.0.2.el9
openssh-clients 8.7p1-45.0.2.el9
openssh-keycat 8.7p1-45.0.2.el9
openssh-server 8.7p1-45.0.2.el9
pam_ssh_agent_auth 0.10.4-5.45.0.2.el9
openssh-askpass 8.7p1-45.0.2.el9
Oracle Linux x86_64
openssh-askpass 8.7p1-45.0.2.el9
pam_ssh_agent_auth 0.10.4-5.45.0.2.el9
openssh 8.7p1-45.0.2.el9
openssh-clients 8.7p1-45.0.2.el9
openssh-keycat 8.7p1-45.0.2.el9
openssh-server 8.7p1-45.0.2.el9
Related CVEs
Related vulnerabilities
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker first needs to exhaust the client's memory resources, which makes the attack complexity high.