
ubuntu
March 12, 2026
Critical security issues found in OpenSSH for Ubuntu require prompt attention with recommended updates to protect systems.

Summary

Several security issues were fixed in OpenSSH.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly
handled disconnecting clients. In non-default configurations where the
GSSAPIKeyExchange setting is enabled, a remote attacker could use this
issue to cause OpenSSH to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-3497)

David Leadbeater discovered that OpenSSH incorrectly handled certain
control characters in usernames. When untrusted usernames and the
ProxyCommand are being used, an attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-61984)

David Leadbeater discovered that OpenSSH incorrectly handled NULL
characters in ssh:// URIs. When the ProxyCommand is being used, an attacker
could possibly use this issue to execute arbitrary code. (CVE-2025-61985)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  openssh-client                  1:10.0p1-5ubuntu5.1
  openssh-server                  1:10.0p1-5ubuntu5.1

Ubuntu 24.04 LTS
  openssh-client                  1:9.6p1-3ubuntu13.15
  openssh-server                  1:9.6p1-3ubuntu13.15

Ubuntu 22.04 LTS
  openssh-client                  1:8.9p1-3ubuntu0.14
  openssh-server                  1:8.9p1-3ubuntu0.14

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8090-1

CVE-2025-61984, CVE-2025-61985, CVE-2026-3497

Severity
important

Ubuntu Security Notice USN-8090-1
