Date: Tue, 18 Feb 2025 17:57:19 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 284883] openssh 9.9p2 security release Message-ID: <bug-284883-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D284883 Bug ID: 284883 Summary: openssh 9.9p2 security release Product: Base System Version: Unspecified Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: doctor@doctor.nl2k.ab.ca Got this this morning OpenSSH 9.9p2 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: https://www.openssh.com/donations.html Changes since OpenSSH 9.9p1 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D This release fixes two security bugs. Security =3D=3D=3D=3D=3D=3D=3D=3D * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. We thank them for their detailed review of OpenSSH. For OpenBSD, fixes to these problems are available as errata; refer to https://www.openbsd.org/errata.html Bugfixes =3D=3D=3D=3D=3D=3D=3D=3D * ssh(1), sshd(8): fix regression in Match directive that caused failures when predicates and their arguments were separated by '=3D' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems / configurations. Checksums: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D - SHA1 (openssh-9.9p2.tar.gz) =3D edefe960645780dee78059c444d4261667ad3056 - SHA256 (openssh-9.9p2.tar.gz) =3D karbYD4IzChe3fll4RmdAlhfqU2ZTWyuW0Hhch= 4hVnM=3D Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available from the mirror sites: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc Reporting Bugs: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D - Please read https://www.openssh.com/report.html Security bugs should be reported directly to openssh@openssh.com _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev Does this affect FreeBSD? --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-284883-227>