6 matches found
Moderate: Red Hat Security Advisory: openssh security update
An update for openssh is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CLSA-2026-1767955216 openssh: Fix of 2 CVEs
CVE-2025-61984: fix username handling by rejecting control characters from untrusted sources to prevent ProxyCommand code execution - CVE-2025-61985: disallowed NUL characters in ssh:// URI parsing to prevent ProxyCommand-based code execution...
AlmaLinux 10 : openssh (ALSA-2025:23479)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23479 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...
RockyLinux 8 : openssh (RLSA-2025:23481)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23481 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...
SUSE SLES12: openssh8.4 / openssh8.4-clients / openssh8.4-common / etc (SUSE-SU-2025:4098-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4098-1 advisory. - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used bsc1251198 - CVE-2025-61985: Fixed code...
AZL-68231 CVE-2025-61984 affecting package openssh for versions less than 9.8p1-5
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...