SUSE-SU-2025:0744-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250744-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0744-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:0744-1
- Related
- Published
- 2025-02-28T14:39:36Z
- Modified
- 2025-02-28T14:39:36Z
- Summary
- Security update for openssh8.4
- Details
-
This update for openssh8.4 fixes the following issues:
- CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
Other bugfixes:
- Fix usage of local accelerator cards via openssl-ibmca (bsc#1216474, bsc#1218871).
- Add patches from upstream to change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled) (bsc#1222831).
- Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123).
- For now we don't ship the ssh-keycat command, but we need the patch for the other SELinux infrastructure (bsc#1214788).
- Attempts to mitigate instances of secrets lingering in memory after a session exits (bsc#1213004, bsc#1213008, bsc#1186673).
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250744-1/
- https://bugzilla.suse.com/1186673
- https://bugzilla.suse.com/1213004
- https://bugzilla.suse.com/1213008
- https://bugzilla.suse.com/1214788
- https://bugzilla.suse.com/1216474
- https://bugzilla.suse.com/1218871
- https://bugzilla.suse.com/1221123
- https://bugzilla.suse.com/1222831
- https://bugzilla.suse.com/1237040
- https://www.suse.com/security/cve/CVE-2025-26465
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / openssh8.4
Package
- Name
- openssh8.4
- Purl
- pkg:rpm/suse/openssh8.4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS