CLSA-2026-1777950533 openssh: Fix of CVE-2026-3497

CVE-2026-3497: fix information disclosure / DoS in GSSAPI key exchange by initialising gssbuf, recvtok, msgtok to GSSCEMPTYBUFFER and replacing non-terminating sshpktdisconnect with sshpacketdisconnect in kexgssc.c / kexgsss.c...

CLSA-2026-1777455730 openssh: Fix of CVE-2026-3497

CVE-2026-3497: fix information disclosure or denial of service due to uninitialized variables in GSSAPI key exchange...

Debian dsa-6204 : openssh-client - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6204 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6204-1 [email protected]...

Debian dla-4535 : openssh-client - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4535 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4535-1 [email protected] https://www.debian.org/lts/security/...

[SECURITY] [DLA 4535-1] openssh security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4535-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 16, 2026 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 6204-1] openssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6204-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 09, 2026 https://www.debian.org/security/faq -...

Oracle Linux 8 : openssh (ELSA-2026-6461)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6461 advisory. 8.0p1-28.0.1 - Update upstream references Orabug: 36587718 8.0p1-28 - CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized...

Oracle Linux 10 : openssh (ELSA-2026-6463)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6463 advisory. 9.9p1-13.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37824421 9.9p1-13 - CVE-2026-3497: Fix information disclosure or denial of service due to...

openssh security update

8.0p1-28.0.1 - Update upstream references Orabug: 36587718 8.0p1-28 - CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex Resolves: RHEL-155814...

Ubuntu: Security Advisory (USN-8090-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-8090-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : OpenSSH vulnerabilities (USN-8090-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8090-1 advisory. Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations...

USN-8090-2 openssh vulnerabilities

USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the...

USN-8090-1 openssh vulnerabilities

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly...

Security update for openssh

This update for openssh fixes the following issue: Security fixes: CVE-2025-32728: Fixed logic error in DisableForwarding option bsc1241012 Other fixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in sshkex2 due to gssapi proposal not being correctly initialized bsc1236826. The problem...

SUSE-SU-2025:01638-1 Security update for openssh

This update for openssh fixes the following issue: Security fixes: - CVE-2025-32728: Fixed logic error in DisableForwarding option bsc1241012 Other fixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in sshkex2 due to gssapi proposal not being correctly initialized bsc1236826. The problem...