SUSE Linux Micro 6.1: 2025:20226-1 important: openssh DoS and MitM fixes

suse
June 4, 2025
Security update for OpenSSH on SUSE Linux Micro 6.1 addressing a Man-in-the-Middle (MitM) vulnerability and a Denial of Service (DoS) vulnerability.

Summary

This update for openssh fixes the following issues:

Security issues fixed:

* CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040)
* CVE-2025-26466: Fixed a DoS attack against OpenSSH's client and server (bsc#1237041)

Other issues fixed:

* Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826).
* Add a patch to fix a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449)
* Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010).
* Fix a dbus connection leaked in the logind patch that was missing a

References

* bsc#1227456

* bsc#1229010

* bsc#1229072

* bsc#1229449

* bsc#1236826

* bsc#1237040

* bsc#1237041

Cross-References

* CVE-2025-26465

* CVE-2025-26466

CVSS scores:

* CVE-2025-26465 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

* CVE-2025-26465 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

* CVE-2025-26466 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-26466 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-26466 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

Severity: important

Announcement ID: SUSE-SU-2025:20226-1
Release Date: 2025-02-26T13:46:04Z
Rating: important
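
To gauge exposure to CVE-2025-26465, which the summary describes as an attack against VerifyHostKeyDNS-enabled clients, the following added example (not part of the SUSE advisory) classifies that option in the effective client configuration printed by `ssh -G`. The function names and the sample output are constructed for illustration; `yes`, `true` and `ask` are all treated as enabled.

```shell
#!/bin/sh
# Added example: report whether VerifyHostKeyDNS is enabled in the effective
# OpenSSH client configuration, as resolved by `ssh -G <host>`.

# Read `ssh -G` style output on stdin and print: enabled | disabled | unset
# `ssh -G` prints lowercased keywords and may render yes/no as true/false.
vhkd_state() {
    awk '
        tolower($1) == "verifyhostkeydns" { v = tolower($2) }
        END {
            if (v == "yes" || v == "true" || v == "ask") print "enabled"
            else if (v == "no" || v == "false")          print "disabled"
            else                                          print "unset"
        }'
}

# Resolve the effective config for each host given as an argument.
# Returns 1 if any host has VerifyHostKeyDNS enabled, 0 otherwise.
audit_hosts() {
    rc=0
    for host in "$@"; do
        state=$(ssh -G "$host" 2>/dev/null | vhkd_state)
        printf '%s\tVerifyHostKeyDNS=%s\n' "$host" "$state"
        if [ "$state" = "enabled" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample of `ssh -G` output (hypothetical host), for offline use:
#   printf '%s\n' "$SAMPLE_ENABLED" | vhkd_state
SAMPLE_ENABLED='hostname bastion.example.test
user admin
port 22
verifyhostkeydns ask
stricthostkeychecking ask'

# Audit only when host names are passed on the command line.
if [ "$#" -gt 0 ]; then audit_hosts "$@"; fi
```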
