Описание
Security update for openssh
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)
Список пакетов
Container suse/manager/4.3/proxy-ssh:latest
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
Container suse/sle-micro-rancher/5.2:latest
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
Container suse/sle-micro-rancher/5.3:latest
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
Container suse/sle-micro-rancher/5.4:latest
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
Container suse/sle-micro/5.5:latest
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Enterprise Storage 7.1
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Micro 5.2
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Micro 5.3
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Micro 5.4
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Micro 5.5
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Server 15 SP3-LTSS
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Server 15 SP4-LTSS
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Server 15 SP5-LTSS
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
openssh-8.4p1-150300.3.57.1
openssh-askpass-gnome-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Manager Proxy LTS 4.3
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
SUSE Manager Server LTS 4.3
openssh-8.4p1-150300.3.57.1
openssh-clients-8.4p1-150300.3.57.1
openssh-common-8.4p1-150300.3.57.1
openssh-fips-8.4p1-150300.3.57.1
openssh-helpers-8.4p1-150300.3.57.1
openssh-server-8.4p1-150300.3.57.1
Ссылки
- Link for SUSE-SU-2025:4112-1
- E-Mail link for SUSE-SU-2025:4112-1
- SUSE Security Ratings
- SUSE Bug 1251198
- SUSE Bug 1251199
- SUSE CVE CVE-2025-61984 page
- SUSE CVE CVE-2025-61985 page
Описание
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
Затронутые продукты
Container suse/manager/4.3/proxy-ssh:latest:openssh-8.4p1-150300.3.57.1
Container suse/manager/4.3/proxy-ssh:latest:openssh-clients-8.4p1-150300.3.57.1
Container suse/manager/4.3/proxy-ssh:latest:openssh-common-8.4p1-150300.3.57.1
Container suse/manager/4.3/proxy-ssh:latest:openssh-fips-8.4p1-150300.3.57.1
Ссылки
- CVE-2025-61984
- SUSE Bug 1251198
Описание
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
Затронутые продукты
Container suse/manager/4.3/proxy-ssh:latest:openssh-8.4p1-150300.3.57.1
Container suse/manager/4.3/proxy-ssh:latest:openssh-clients-8.4p1-150300.3.57.1
Container suse/manager/4.3/proxy-ssh:latest:openssh-common-8.4p1-150300.3.57.1
Container suse/manager/4.3/proxy-ssh:latest:openssh-fips-8.4p1-150300.3.57.1
Ссылки
- CVE-2025-61985
- SUSE Bug 1251199