MiracleLinux 7 : openssh-7.4p1-23.0.3.0.1.el7.AXS7 (AXSA:2025-9844:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9844:01 advisory. CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled CVEs: CVE-2025-26465 A vulnerability was found in OpenSSH when the...

MiracleLinux 9 : openssh-8.7p1-45.el9.ML.1 (AXSA:2025-10048:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10048:02 advisory. openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled CVE-2025-26465 Tenable has extracted the preceding description block directly from the...

Security Bulletin:Vulnerability in OpenSSH affects IBM Netezza Appliance

Summary The OpenSSH package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-26465 Vulnerability Details CVEID:CVE-2025-26465 DESCRIPTION: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle...

openssh security update

8.0p1-26.0.1 - Update upstream references Orabug: 36587718 8.0p1-26 - Fix missing invalid error code checks in OpenSSH. It prevents a MITM attack when VerifyHostKeyDNS is on CVE-2025-26465 Resolves: RHEL-109228...

ALSA-2025:16823 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled CVE-2025-26465 For more...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2025-1879)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

CLSA-2025-1742731930 openssh: Fix of CVE-2025-26465

CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation openssh bz3012 Orabug: 30448895...

CLSA-2025-1742722852 openssh: Fix of CVE-2025-26465

CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled...

CLSA-2025-1742661734 openssh: Fix of CVE-2025-26465

CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled...

Medium: openssh

Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...

Updated openssh packages fix security vulnerability

Machine-in-the-middle attack vulnerability if verifyhostkeydns is enabled. CVE-2025-26465...

Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

...

AZL-56894 CVE-2025-26465 affecting package openssh for versions less than 9.8p1-3

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

DEBIAN-CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

Exploit for Detection of Error Condition Without Action in Openbsd Openssh

CVE-2025-26465 The OpenSSH client contains a logic error betw...

Security update for openssh

This update for openssh fixes the following issues: CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server bsc1237041. Patch Instructions: To install this SUSE update use the SUSE...

SUSE CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

UBUNTU-CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

DEBIAN-CVE-2014-2653

The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...