Release date:
2026-01-09 10:28:03 UTC
Description:
- CVE-2025-61984: fix username handling by rejecting control
characters from untrusted sources to prevent ProxyCommand code execution
- CVE-2025-61985: disallowed NUL characters in ssh:// URI parsing to prevent
ProxyCommand-based code execution
Updated packages:
-
openssh-8.7p1-30.el9_2.tuxcare.els9.x86_64.rpm
sha:05830da3577723d245e97f275217dc36ac0fdde2c14e1cd01e49142076e0540d
-
openssh-askpass-8.7p1-30.el9_2.tuxcare.els9.x86_64.rpm
sha:487084fbd5f893d62a03d617d0b4f0cd649493959629c776a4ae397e0c95a85d
-
openssh-clients-8.7p1-30.el9_2.tuxcare.els9.x86_64.rpm
sha:b39ae860880dcc1cf4d34cb15bef0237240be43f8f19bd635b00195ed6dbbb11
-
openssh-keycat-8.7p1-30.el9_2.tuxcare.els9.x86_64.rpm
sha:d14d13c355f6e0319be8e50a6ed416d9cc0d8f0deef1b7216442a05b73dfde14
-
openssh-server-8.7p1-30.el9_2.tuxcare.els9.x86_64.rpm
sha:b68083d17d1abe370b3230a8850115dbddea9ee5fa742e252722cd241b125df7
-
openssh-sk-dummy-8.7p1-30.el9_2.tuxcare.els9.x86_64.rpm
sha:a734923e56f377602bb1963a0f9136c8df71d5c4dd2f32caa47c1cf2e4d8c423
-
pam_ssh_agent_auth-0.10.4-5.30.el9_2.tuxcare.els9.x86_64.rpm
sha:a708cdd94018de6665b35727943f451854d39e6927d681fa2588c39bd7398b0f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
