Updated openssh packages fix security vulnerabilities

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. CVE-2025-61984...

RHEL 9 : openssh (RHSA-2026:1815)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1815 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 9 : openssh (RHSA-2026:0976)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0976 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

AlmaLinux 10 : openssh (ALSA-2025:23479)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23479 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...

RHEL 8 : openssh (RHSA-2025:23481)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23481 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

ROS-20251203-09

A vulnerability in the ProxyCommand component of the OpenSSH cryptographic protection tool is related to the injection of a null byte %00 in the username string. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

SUSE SLES15 Security Update : openssh (SUSE-SU-2025:4112-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4112-1 advisory. - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used bsc1251198 - CVE-2025-61985:...

SUSE SLES12 Security Update : openssh8.4 (SUSE-SU-2025:4098-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4098-1 advisory. - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used bsc1251198 - CVE-2025-61985: Fixed code...

SUSE-SU-2025:4098-1 Security update for openssh8.4

This update for openssh8.4 fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used bsc1251198 - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used bsc1251199...

AZL-68228 CVE-2025-61985 affecting package openssh for versions less than 9.8p1-5

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...

RLSA-2024:2504 Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...