[ubuntu/plucky-proposed] openssh 1:9.9p1-3ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Feb 18 14:26:18 UTC 2025 

openssh (1:9.9p1-3ubuntu3) plucky; urgency=medium

  * SECURITY UPDATE: MitM with VerifyHostKeyDNS option
    - debian/patches/CVE-2025-26465.patch: fix error code handling in
      krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.
    - CVE-2025-26465
  * SECURITY UPDATE: pre-authentication denial of service
    - debian/patches/CVE-2025-26466.patch: don't reply to PING in preauth
      or in KEX in packet.c.
    - CVE-2025-26466

Date: Tue, 18 Feb 2025 08:50:06 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssh/1:9.9p1-3ubuntu3
-------------- next part --------------
Format: 1.8
Date: Tue, 18 Feb 2025 08:50:06 -0500
Source: openssh
Built-For-Profiles: noudeb
Architecture: source
Version: 1:9.9p1-3ubuntu3
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 openssh (1:9.9p1-3ubuntu3) plucky; urgency=medium
 .
   * SECURITY UPDATE: MitM with VerifyHostKeyDNS option
     - debian/patches/CVE-2025-26465.patch: fix error code handling in
       krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.
     - CVE-2025-26465
   * SECURITY UPDATE: pre-authentication denial of service
     - debian/patches/CVE-2025-26466.patch: don't reply to PING in preauth
       or in KEX in packet.c.
     - CVE-2025-26466
Checksums-Sha1:
 94d8082f8bf865bb03ee2688ae770680ec2e4b75 3480 openssh_9.9p1-3ubuntu3.dsc
 66b7be13d0abce52f4cbd9dcd3564487feba5035 212044 openssh_9.9p1-3ubuntu3.debian.tar.xz
 16ee9eb2c2784584823d9f8cb94e70f3f40b2893 16043 openssh_9.9p1-3ubuntu3_source.buildinfo
Checksums-Sha256:
 a5b2e2fa25c86e852237b62f9a6657cdd26cfbf3f625cf5b02781bdbcb1cd858 3480 openssh_9.9p1-3ubuntu3.dsc
 93e98a902c606e268b7f20d0b7433af2148ec8d1804a7b4375717d7f799d5d38 212044 openssh_9.9p1-3ubuntu3.debian.tar.xz
 2341fa44eacabff0e91899edf2e2556c432e88af377c302b9ee32a215b4b4f6c 16043 openssh_9.9p1-3ubuntu3_source.buildinfo
Files:
 db2ce69825b80f5fdb44988cc901c9b9 3480 net standard openssh_9.9p1-3ubuntu3.dsc
 ade81b50b9283da2955652a443e4e585 212044 net standard openssh_9.9p1-3ubuntu3.debian.tar.xz
 ea009bb7c6b9e674fd61aadf579d0bfc 16043 net standard openssh_9.9p1-3ubuntu3_source.buildinfo
Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh at lists.debian.org>

More information about the plucky-changes mailing list