{"id":"SUSE-SU-2025:0744-1","summary":"Security update for openssh8.4","details":"This update for openssh8.4 fixes the following issues:\n\n- CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).\n\nOther bugfixes:\n\n- Fix usage of local accelerator cards via openssl-ibmca (bsc#1216474, bsc#1218871).\n- Add patches from upstream to change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled) (bsc#1222831).\n- Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123).\n- For now we don't ship the ssh-keycat command, but we need the patch for the other SELinux infrastructure (bsc#1214788).\n- Attempts to mitigate instances of secrets lingering in memory after a session exits (bsc#1213004, bsc#1213008, bsc#1186673).\n","modified":"2026-02-04T03:53:06.234001Z","published":"2025-02-28T14:39:36Z","related":["CVE-2025-26465"],"upstream":["CVE-2025-26465"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20250744-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186673"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213004"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213008"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214788"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216474"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218871"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221123"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222831"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237040"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-26465"}],"affected":[{"package":{"name":"openssh8.4","ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","purl":"pkg:rpm/suse/openssh8.4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4p1-8.16.1"}]}],"ecosystem_specific":{"binaries":[{"openssh8.4":"8.4p1-8.16.1","openssh8.4-helpers":"8.4p1-8.16.1","openssh8.4-fips":"8.4p1-8.16.1","openssh8.4-server":"8.4p1-8.16.1","openssh8.4-clients":"8.4p1-8.16.1","openssh8.4-common":"8.4p1-8.16.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0744-1.json"}},{"package":{"name":"openssh8.4","ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","purl":"pkg:rpm/suse/openssh8.4&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4p1-8.16.1"}]}],"ecosystem_specific":{"binaries":[{"openssh8.4":"8.4p1-8.16.1","openssh8.4-helpers":"8.4p1-8.16.1","openssh8.4-fips":"8.4p1-8.16.1","openssh8.4-server":"8.4p1-8.16.1","openssh8.4-clients":"8.4p1-8.16.1","openssh8.4-common":"8.4p1-8.16.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0744-1.json"}}],"schema_version":"1.7.3"}