Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE Linux Micro: 2025:20226-1 important: openssh DoS MitM

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
SUSE has published patches targeting DoS and MitM flaws in OpenSSH, enhancing security measures.
* bsc#1227456 * bsc#1229010 * bsc#1229072 * bsc#1229449 * bsc#1236826

Summary

## This update for openssh fixes the following issues: Security issues fixed: * CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS- enabled client (bsc#1237040) * CVE-2025-26466: Fixed a DoS attack against OpenSSH's client and server (bsc#1237041) Other issues fixed: * Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). * Add a patch to fix a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449) * Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010). * Fix a dbus connection leaked in the logind patch that was missing a

Topics%20covered

Topics Covered

security advisory DoS patch openssh SUSE MitM

References

* bsc#1227456

* bsc#1229010

* bsc#1229072

* bsc#1229449

* bsc#1236826

* bsc#1237040

* bsc#1237041

Cross-

* CVE-2025-26465

* CVE-2025-26466

CVSS scores:

* CVE-2025-26465 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

* CVE-2025-26465 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

* CVE-2025-26465 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

* CVE-2025-26466 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-26466 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-26466 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-26466 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20226-1
Release Date: 2025-02-26T13:46:04Z
Rating: important

Topics%20covered

Topics Covered

security advisory DoS patch openssh SUSE MitM

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here