Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:16823

Опубликовано: 03 окт. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled (CVE-2025-26465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
opensshx86_6426.el8_10openssh-8.0p1-26.el8_10.x86_64.rpm
openssh-cavsx86_6426.el8_10openssh-cavs-8.0p1-26.el8_10.x86_64.rpm
openssh-clientsx86_6426.el8_10openssh-clients-8.0p1-26.el8_10.x86_64.rpm
openssh-keycatx86_6426.el8_10openssh-keycat-8.0p1-26.el8_10.x86_64.rpm
openssh-ldapx86_6426.el8_10openssh-ldap-8.0p1-26.el8_10.x86_64.rpm
openssh-serverx86_6426.el8_10openssh-server-8.0p1-26.el8_10.x86_64.rpm
pam_ssh_agent_authx86_647.26.el8_10pam_ssh_agent_auth-0.10.3-7.26.el8_10.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-26465

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-26465

CVSS3: 6.8
ubuntu
9 месяцев назад

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

redhat логотип

CVE-2025-26465

CVSS3: 6.8
redhat
9 месяцев назад

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

nvd логотип

CVE-2025-26465

CVSS3: 6.8
nvd
9 месяцев назад

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

msrc логотип

CVE-2025-26465

CVSS3: 6.8
msrc
9 месяцев назад

Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

debian логотип

CVE-2025-26465

CVSS3: 6.8
debian
9 месяцев назад

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option ...