Описание
Security update for openssh
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
openssh-7.2p2-81.34.1
openssh-askpass-gnome-7.2p2-81.34.1
openssh-fips-7.2p2-81.34.1
openssh-helpers-7.2p2-81.34.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
openssh-7.2p2-81.34.1
openssh-askpass-gnome-7.2p2-81.34.1
openssh-fips-7.2p2-81.34.1
openssh-helpers-7.2p2-81.34.1
Ссылки
- Link for SUSE-SU-2025:4097-1
- E-Mail link for SUSE-SU-2025:4097-1
- SUSE Security Ratings
- SUSE Bug 1251198
- SUSE CVE CVE-2025-61984 page
Описание
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:openssh-7.2p2-81.34.1
SUSE Linux Enterprise Server 12 SP5-LTSS:openssh-askpass-gnome-7.2p2-81.34.1
SUSE Linux Enterprise Server 12 SP5-LTSS:openssh-fips-7.2p2-81.34.1
SUSE Linux Enterprise Server 12 SP5-LTSS:openssh-helpers-7.2p2-81.34.1
Ссылки
- CVE-2025-61984
- SUSE Bug 1251198