Security update for openssh SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20226-1 Final 1 1 2025-02-26T13:46:04Z current 2025-02-26T13:46:04Z 2025-02-26T13:46:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openssh This update for openssh fixes the following issues: Security issues fixed: - CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040) - CVE-2025-26466: Fixed a DoS attack against OpenSSH's client and server (bsc#1237041) Other issues fixed: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). - Add a patch to fix a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449) - Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010). - Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call - Add a patch that fixes a small memory leak when parsing the subsystem configuration option: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-21 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520226-1/ Link for SUSE-SU-2025:20226-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021099.html E-Mail link for SUSE-SU-2025:20226-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1227456 SUSE Bug 1227456 https://bugzilla.suse.com/1229010 SUSE Bug 1229010 https://bugzilla.suse.com/1229072 SUSE Bug 1229072 https://bugzilla.suse.com/1229449 SUSE Bug 1229449 https://bugzilla.suse.com/1236826 SUSE Bug 1236826 https://bugzilla.suse.com/1237040 SUSE Bug 1237040 https://bugzilla.suse.com/1237041 SUSE Bug 1237041 https://www.suse.com/security/cve/CVE-2025-26465/ SUSE CVE CVE-2025-26465 page https://www.suse.com/security/cve/CVE-2025-26466/ SUSE CVE CVE-2025-26466 page SUSE Linux Micro 6.1 openssh-9.6p1-slfo.1.1_2.1 openssh-clients-9.6p1-slfo.1.1_2.1 openssh-common-9.6p1-slfo.1.1_2.1 openssh-fips-9.6p1-slfo.1.1_2.1 openssh-server-9.6p1-slfo.1.1_2.1 openssh-server-config-rootlogin-9.6p1-slfo.1.1_2.1 openssh-9.6p1-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 openssh-clients-9.6p1-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 openssh-common-9.6p1-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 openssh-fips-9.6p1-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 openssh-server-9.6p1-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 openssh-server-config-rootlogin-9.6p1-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. CVE-2025-26465 SUSE Linux Micro 6.1:openssh-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-clients-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-common-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-fips-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-server-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-server-config-rootlogin-9.6p1-slfo.1.1_2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520226-1/ https://www.suse.com/security/cve/CVE-2025-26465.html CVE-2025-26465 https://bugzilla.suse.com/1237040 SUSE Bug 1237040 https://bugzilla.suse.com/1237041 SUSE Bug 1237041 A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. CVE-2025-26466 SUSE Linux Micro 6.1:openssh-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-clients-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-common-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-fips-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-server-9.6p1-slfo.1.1_2.1 SUSE Linux Micro 6.1:openssh-server-config-rootlogin-9.6p1-slfo.1.1_2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520226-1/ https://www.suse.com/security/cve/CVE-2025-26466.html CVE-2025-26466 https://bugzilla.suse.com/1237041 SUSE Bug 1237041