Описание
Security update for openssh
This update for openssh fixes the following issue:
Security fixes:
- CVE-2025-32728: Fixed logic error in DisableForwarding option (bsc#1241012)
Other fixes:
- Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1
- Enable --with-logind to call the SetTTY dbus method in systemd. This allows 'wall' to print messages in ssh ttys (bsc#1239671)
Список пакетов
Container suse/git:latest
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
Image SLES15-SP6
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
Image SLES15-SP6-Azure-3P
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
Image SLES15-SP6-Azure-Standard
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
Image SLES15-SP6-BYOS
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-BYOS-EC2
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-BYOS-GCE
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-GCE
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-Hardened-BYOS
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-Hardened-BYOS-EC2
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-Hardened-BYOS-GCE
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-SAP
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-SAP-GCE
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-SAPCAL
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
Image SLES15-SP6-SAPCAL-GCE
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
openssh-9.6p1-150600.6.26.1
openssh-clients-9.6p1-150600.6.26.1
openssh-common-9.6p1-150600.6.26.1
openssh-fips-9.6p1-150600.6.26.1
openssh-helpers-9.6p1-150600.6.26.1
openssh-server-9.6p1-150600.6.26.1
openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
openssh-askpass-gnome-9.6p1-150600.6.26.1
Ссылки
- Link for SUSE-SU-2025:01638-2
- E-Mail link for SUSE-SU-2025:01638-2
- SUSE Security Ratings
- SUSE Bug 1236826
- SUSE Bug 1239671
- SUSE Bug 1241012
- SUSE CVE CVE-2025-32728 page
Описание
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
Затронутые продукты
Container suse/git:latest:openssh-clients-9.6p1-150600.6.26.1
Container suse/git:latest:openssh-common-9.6p1-150600.6.26.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:openssh-9.6p1-150600.6.26.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:openssh-clients-9.6p1-150600.6.26.1
Ссылки
- CVE-2025-32728
- SUSE Bug 1241012