csaf_suse - suse-su-2025:0744-1

suse-su-2025:0744-1

Vulnerability from csaf_suse

Published

2025-02-28 14:39

Modified

2025-02-28 14:39

Summary

Security update for openssh8.4

Notes

Title of the patch

Security update for openssh8.4

Description of the patch

This update for openssh8.4 fixes the following issues: - CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). Other bugfixes: - Fix usage of local accelerator cards via openssl-ibmca (bsc#1216474, bsc#1218871). - Add patches from upstream to change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled) (bsc#1222831). - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123). - For now we don't ship the ssh-keycat command, but we need the patch for the other SELinux infrastructure (bsc#1214788). - Attempts to mitigate instances of secrets lingering in memory after a session exits (bsc#1213004, bsc#1213008, bsc#1186673).

Patchnames

SUSE-2025-744,SUSE-SLE-SERVER-12-SP5-LTSS-2025-744,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-744

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssh8.4",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openssh8.4 fixes the following issues:\n\n- CVE-2025-26465: Fixed a MitM attack against OpenSSH\u0027s VerifyHostKeyDNS-enabled client (bsc#1237040).\n\nOther bugfixes:\n\n- Fix usage of local accelerator cards via openssl-ibmca (bsc#1216474, bsc#1218871).\n- Add patches from upstream to change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled) (bsc#1222831).\n- Fix hostbased ssh login failing occasionally with \u0027signature unverified: incorrect signature\u0027 by fixing a typo in patch (bsc#1221123).\n- For now we don\u0027t ship the ssh-keycat command, but we need the patch for the other SELinux infrastructure (bsc#1214788).\n- Attempts to mitigate instances of secrets lingering in memory after a session exits (bsc#1213004, bsc#1213008, bsc#1186673).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-744,SUSE-SLE-SERVER-12-SP5-LTSS-2025-744,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-744",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0744-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0744-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250744-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0744-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020457.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186673",
        "url": "https://bugzilla.suse.com/1186673"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213004",
        "url": "https://bugzilla.suse.com/1213004"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213008",
        "url": "https://bugzilla.suse.com/1213008"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1214788",
        "url": "https://bugzilla.suse.com/1214788"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1216474",
        "url": "https://bugzilla.suse.com/1216474"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1218871",
        "url": "https://bugzilla.suse.com/1218871"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1221123",
        "url": "https://bugzilla.suse.com/1221123"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1222831",
        "url": "https://bugzilla.suse.com/1222831"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1237040",
        "url": "https://bugzilla.suse.com/1237040"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-26465 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-26465/"
      }
    ],
    "title": "Security update for openssh8.4",
    "tracking": {
      "current_release_date": "2025-02-28T14:39:36Z",
      "generator": {
        "date": "2025-02-28T14:39:36Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0744-1",
      "initial_release_date": "2025-02-28T14:39:36Z",
      "revision_history": [
        {
          "date": "2025-02-28T14:39:36Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh8.4-8.4p1-8.16.1.aarch64",
                "product": {
                  "name": "openssh8.4-8.4p1-8.16.1.aarch64",
                  "product_id": "openssh8.4-8.4p1-8.16.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-cavs-8.4p1-8.16.1.aarch64",
                "product": {
                  "name": "openssh8.4-cavs-8.4p1-8.16.1.aarch64",
                  "product_id": "openssh8.4-cavs-8.4p1-8.16.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-clients-8.4p1-8.16.1.aarch64",
                "product": {
                  "name": "openssh8.4-clients-8.4p1-8.16.1.aarch64",
                  "product_id": "openssh8.4-clients-8.4p1-8.16.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-common-8.4p1-8.16.1.aarch64",
                "product": {
                  "name": "openssh8.4-common-8.4p1-8.16.1.aarch64",
                  "product_id": "openssh8.4-common-8.4p1-8.16.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-fips-8.4p1-8.16.1.aarch64",
                "product": {
                  "name": "openssh8.4-fips-8.4p1-8.16.1.aarch64",
                  "product_id": "openssh8.4-fips-8.4p1-8.16.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-helpers-8.4p1-8.16.1.aarch64",
                "product": {
                  "name": "openssh8.4-helpers-8.4p1-8.16.1.aarch64",
                  "product_id": "openssh8.4-helpers-8.4p1-8.16.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-server-8.4p1-8.16.1.aarch64",
                "product": {
                  "name": "openssh8.4-server-8.4p1-8.16.1.aarch64",
                  "product_id": "openssh8.4-server-8.4p1-8.16.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh8.4-8.4p1-8.16.1.i586",
                "product": {
                  "name": "openssh8.4-8.4p1-8.16.1.i586",
                  "product_id": "openssh8.4-8.4p1-8.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-cavs-8.4p1-8.16.1.i586",
                "product": {
                  "name": "openssh8.4-cavs-8.4p1-8.16.1.i586",
                  "product_id": "openssh8.4-cavs-8.4p1-8.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-clients-8.4p1-8.16.1.i586",
                "product": {
                  "name": "openssh8.4-clients-8.4p1-8.16.1.i586",
                  "product_id": "openssh8.4-clients-8.4p1-8.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-common-8.4p1-8.16.1.i586",
                "product": {
                  "name": "openssh8.4-common-8.4p1-8.16.1.i586",
                  "product_id": "openssh8.4-common-8.4p1-8.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-fips-8.4p1-8.16.1.i586",
                "product": {
                  "name": "openssh8.4-fips-8.4p1-8.16.1.i586",
                  "product_id": "openssh8.4-fips-8.4p1-8.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-helpers-8.4p1-8.16.1.i586",
                "product": {
                  "name": "openssh8.4-helpers-8.4p1-8.16.1.i586",
                  "product_id": "openssh8.4-helpers-8.4p1-8.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-server-8.4p1-8.16.1.i586",
                "product": {
                  "name": "openssh8.4-server-8.4p1-8.16.1.i586",
                  "product_id": "openssh8.4-server-8.4p1-8.16.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh8.4-8.4p1-8.16.1.ppc64le",
                "product": {
                  "name": "openssh8.4-8.4p1-8.16.1.ppc64le",
                  "product_id": "openssh8.4-8.4p1-8.16.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-cavs-8.4p1-8.16.1.ppc64le",
                "product": {
                  "name": "openssh8.4-cavs-8.4p1-8.16.1.ppc64le",
                  "product_id": "openssh8.4-cavs-8.4p1-8.16.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-clients-8.4p1-8.16.1.ppc64le",
                "product": {
                  "name": "openssh8.4-clients-8.4p1-8.16.1.ppc64le",
                  "product_id": "openssh8.4-clients-8.4p1-8.16.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-common-8.4p1-8.16.1.ppc64le",
                "product": {
                  "name": "openssh8.4-common-8.4p1-8.16.1.ppc64le",
                  "product_id": "openssh8.4-common-8.4p1-8.16.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-fips-8.4p1-8.16.1.ppc64le",
                "product": {
                  "name": "openssh8.4-fips-8.4p1-8.16.1.ppc64le",
                  "product_id": "openssh8.4-fips-8.4p1-8.16.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-helpers-8.4p1-8.16.1.ppc64le",
                "product": {
                  "name": "openssh8.4-helpers-8.4p1-8.16.1.ppc64le",
                  "product_id": "openssh8.4-helpers-8.4p1-8.16.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-server-8.4p1-8.16.1.ppc64le",
                "product": {
                  "name": "openssh8.4-server-8.4p1-8.16.1.ppc64le",
                  "product_id": "openssh8.4-server-8.4p1-8.16.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh8.4-8.4p1-8.16.1.s390",
                "product": {
                  "name": "openssh8.4-8.4p1-8.16.1.s390",
                  "product_id": "openssh8.4-8.4p1-8.16.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-cavs-8.4p1-8.16.1.s390",
                "product": {
                  "name": "openssh8.4-cavs-8.4p1-8.16.1.s390",
                  "product_id": "openssh8.4-cavs-8.4p1-8.16.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-clients-8.4p1-8.16.1.s390",
                "product": {
                  "name": "openssh8.4-clients-8.4p1-8.16.1.s390",
                  "product_id": "openssh8.4-clients-8.4p1-8.16.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-common-8.4p1-8.16.1.s390",
                "product": {
                  "name": "openssh8.4-common-8.4p1-8.16.1.s390",
                  "product_id": "openssh8.4-common-8.4p1-8.16.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-fips-8.4p1-8.16.1.s390",
                "product": {
                  "name": "openssh8.4-fips-8.4p1-8.16.1.s390",
                  "product_id": "openssh8.4-fips-8.4p1-8.16.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-helpers-8.4p1-8.16.1.s390",
                "product": {
                  "name": "openssh8.4-helpers-8.4p1-8.16.1.s390",
                  "product_id": "openssh8.4-helpers-8.4p1-8.16.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-server-8.4p1-8.16.1.s390",
                "product": {
                  "name": "openssh8.4-server-8.4p1-8.16.1.s390",
                  "product_id": "openssh8.4-server-8.4p1-8.16.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh8.4-8.4p1-8.16.1.s390x",
                "product": {
                  "name": "openssh8.4-8.4p1-8.16.1.s390x",
                  "product_id": "openssh8.4-8.4p1-8.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-cavs-8.4p1-8.16.1.s390x",
                "product": {
                  "name": "openssh8.4-cavs-8.4p1-8.16.1.s390x",
                  "product_id": "openssh8.4-cavs-8.4p1-8.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-clients-8.4p1-8.16.1.s390x",
                "product": {
                  "name": "openssh8.4-clients-8.4p1-8.16.1.s390x",
                  "product_id": "openssh8.4-clients-8.4p1-8.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-common-8.4p1-8.16.1.s390x",
                "product": {
                  "name": "openssh8.4-common-8.4p1-8.16.1.s390x",
                  "product_id": "openssh8.4-common-8.4p1-8.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-fips-8.4p1-8.16.1.s390x",
                "product": {
                  "name": "openssh8.4-fips-8.4p1-8.16.1.s390x",
                  "product_id": "openssh8.4-fips-8.4p1-8.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-helpers-8.4p1-8.16.1.s390x",
                "product": {
                  "name": "openssh8.4-helpers-8.4p1-8.16.1.s390x",
                  "product_id": "openssh8.4-helpers-8.4p1-8.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-server-8.4p1-8.16.1.s390x",
                "product": {
                  "name": "openssh8.4-server-8.4p1-8.16.1.s390x",
                  "product_id": "openssh8.4-server-8.4p1-8.16.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh8.4-8.4p1-8.16.1.x86_64",
                "product": {
                  "name": "openssh8.4-8.4p1-8.16.1.x86_64",
                  "product_id": "openssh8.4-8.4p1-8.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-cavs-8.4p1-8.16.1.x86_64",
                "product": {
                  "name": "openssh8.4-cavs-8.4p1-8.16.1.x86_64",
                  "product_id": "openssh8.4-cavs-8.4p1-8.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-clients-8.4p1-8.16.1.x86_64",
                "product": {
                  "name": "openssh8.4-clients-8.4p1-8.16.1.x86_64",
                  "product_id": "openssh8.4-clients-8.4p1-8.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-common-8.4p1-8.16.1.x86_64",
                "product": {
                  "name": "openssh8.4-common-8.4p1-8.16.1.x86_64",
                  "product_id": "openssh8.4-common-8.4p1-8.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-fips-8.4p1-8.16.1.x86_64",
                "product": {
                  "name": "openssh8.4-fips-8.4p1-8.16.1.x86_64",
                  "product_id": "openssh8.4-fips-8.4p1-8.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-helpers-8.4p1-8.16.1.x86_64",
                "product": {
                  "name": "openssh8.4-helpers-8.4p1-8.16.1.x86_64",
                  "product_id": "openssh8.4-helpers-8.4p1-8.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh8.4-server-8.4p1-8.16.1.x86_64",
                "product": {
                  "name": "openssh8.4-server-8.4p1-8.16.1.x86_64",
                  "product_id": "openssh8.4-server-8.4p1-8.16.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-8.4p1-8.16.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.aarch64"
        },
        "product_reference": "openssh8.4-8.4p1-8.16.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-8.4p1-8.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.ppc64le"
        },
        "product_reference": "openssh8.4-8.4p1-8.16.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-8.4p1-8.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.s390x"
        },
        "product_reference": "openssh8.4-8.4p1-8.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-clients-8.4p1-8.16.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.aarch64"
        },
        "product_reference": "openssh8.4-clients-8.4p1-8.16.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-clients-8.4p1-8.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.ppc64le"
        },
        "product_reference": "openssh8.4-clients-8.4p1-8.16.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-clients-8.4p1-8.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.s390x"
        },
        "product_reference": "openssh8.4-clients-8.4p1-8.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-clients-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-clients-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-common-8.4p1-8.16.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.aarch64"
        },
        "product_reference": "openssh8.4-common-8.4p1-8.16.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-common-8.4p1-8.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.ppc64le"
        },
        "product_reference": "openssh8.4-common-8.4p1-8.16.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-common-8.4p1-8.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.s390x"
        },
        "product_reference": "openssh8.4-common-8.4p1-8.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-common-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-common-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-fips-8.4p1-8.16.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.aarch64"
        },
        "product_reference": "openssh8.4-fips-8.4p1-8.16.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-fips-8.4p1-8.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.ppc64le"
        },
        "product_reference": "openssh8.4-fips-8.4p1-8.16.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-fips-8.4p1-8.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.s390x"
        },
        "product_reference": "openssh8.4-fips-8.4p1-8.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-fips-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-fips-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-helpers-8.4p1-8.16.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.aarch64"
        },
        "product_reference": "openssh8.4-helpers-8.4p1-8.16.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-helpers-8.4p1-8.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.ppc64le"
        },
        "product_reference": "openssh8.4-helpers-8.4p1-8.16.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-helpers-8.4p1-8.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.s390x"
        },
        "product_reference": "openssh8.4-helpers-8.4p1-8.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-helpers-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-helpers-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-server-8.4p1-8.16.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.aarch64"
        },
        "product_reference": "openssh8.4-server-8.4p1-8.16.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-server-8.4p1-8.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.ppc64le"
        },
        "product_reference": "openssh8.4-server-8.4p1-8.16.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-server-8.4p1-8.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.s390x"
        },
        "product_reference": "openssh8.4-server-8.4p1-8.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-server-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-server-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-clients-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-clients-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-clients-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-common-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-common-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-common-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-fips-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-fips-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-fips-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-helpers-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-helpers-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-helpers-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh8.4-server-8.4p1-8.16.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-server-8.4p1-8.16.1.x86_64"
        },
        "product_reference": "openssh8.4-server-8.4p1-8.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-26465",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-26465"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-clients-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-common-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-fips-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-helpers-8.4p1-8.16.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-server-8.4p1-8.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-26465",
          "url": "https://www.suse.com/security/cve/CVE-2025-26465"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237040 for CVE-2025-26465",
          "url": "https://bugzilla.suse.com/1237040"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237041 for CVE-2025-26465",
          "url": "https://bugzilla.suse.com/1237041"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-clients-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-common-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-fips-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-helpers-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-server-8.4p1-8.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-clients-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-common-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-fips-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-helpers-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssh8.4-server-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-clients-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-common-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-fips-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-helpers-8.4p1-8.16.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssh8.4-server-8.4p1-8.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-28T14:39:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-26465"
    }
  ]
}

CVE-2025-26465 (GCVE-0-2025-26465)

Vulnerability from cvelistv5

Published

2025-02-18 18:27

Modified

2025-08-14 13:06

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-390 - Detection of Error Condition Without Action

Summary

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2025:3837	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:6993	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8385	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-26465	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2344780	issue-tracking, x_refsource_REDHAT
	https://seclists.org/oss-sec/2025/q1/144

Impacted products

Vendor

Product

Version

▼

Version: 6.8p1 <

Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:8.7p1-45.el9 < * cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:8.7p1-45.el9 < * cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:8.7p1-38.el9_4.5 < * cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Discovery 1.14	Unaffected: sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63 < * cpe:/a:redhat:discovery:1.14::el9
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-03T17:48:15.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html"
          },
          {
            "url": "https://www.openwall.com/lists/oss-security/2025/02/18/1"
          },
          {
            "url": "https://www.openwall.com/lists/oss-security/2025/02/18/4"
          },
          {
            "url": "https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/"
          },
          {
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1237040"
          },
          {
            "url": "https://security-tracker.debian.org/tracker/CVE-2025-26465"
          },
          {
            "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig"
          },
          {
            "url": "https://ubuntu.com/security/CVE-2025-26465"
          },
          {
            "url": "https://www.openssh.com/releasenotes.html#9.9p2"
          },
          {
            "url": "https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466"
          },
          {
            "url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250228-0003/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26465",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T15:02:09.369445Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T15:02:45.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://seclists.org/oss-sec/2025/q1/144"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.openssh.com/",
          "defaultStatus": "unaffected",
          "packageName": "OpenSSH",
          "repo": "https://anongit.mindrot.org/openssh.git",
          "versions": [
            {
              "lessThanOrEqual": "9.9p1",
              "status": "affected",
              "version": "6.8p1",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.7p1-45.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.7p1-45.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.4::baseos",
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.7p1-38.el9_4.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:1.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "registry.redhat.io/discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 1.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-14T13:06:48.611Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:3837",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:3837"
        },
        {
          "name": "RHSA-2025:6993",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:6993"
        },
        {
          "name": "RHSA-2025:8385",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8385"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-26465"
        },
        {
          "name": "RHBZ#2344780",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780"
        },
        {
          "url": "https://seclists.org/oss-sec/2025/q1/144"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-10T21:56:03.853000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-17T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-26465",
    "datePublished": "2025-02-18T18:27:16.843Z",
    "dateReserved": "2025-02-10T18:31:47.978Z",
    "dateUpdated": "2025-08-14T13:06:48.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted