Release date:
2026-01-09 10:40:19 UTC
Description:
- CVE-2025-61984: fix username handling by rejecting control
characters from untrusted sources to prevent ProxyCommand code execution
- CVE-2025-61985: disallowed NUL characters in ssh:// URI parsing to prevent
ProxyCommand-based code execution
Updated packages:
-
openssh-8.7p1-45.el9.tuxcare.els1.x86_64.rpm
sha:6e03ae890e90d05aaf260536ba388b9d8e0c56c9feceea3d7ac364fd11a35871
-
openssh-askpass-8.7p1-45.el9.tuxcare.els1.x86_64.rpm
sha:1931163100c4f75218b2763da13941844f093dad5966c4bcd42cd228fbf6cc0a
-
openssh-clients-8.7p1-45.el9.tuxcare.els1.x86_64.rpm
sha:14268044de86aac72196ba9df810e5c3590312a1a3c4e0d0c19b9c116bfccf81
-
openssh-keycat-8.7p1-45.el9.tuxcare.els1.x86_64.rpm
sha:cf07be719b8e10ac9b6b7f27be0a4db475df97a7e2ae2ce8ff704c6a16a81a6a
-
openssh-server-8.7p1-45.el9.tuxcare.els1.x86_64.rpm
sha:f3e0e2498118430dd1c67eae8dbc433d103501e651c9c0236b015cd36c3abbd0
-
openssh-sk-dummy-8.7p1-45.el9.tuxcare.els1.x86_64.rpm
sha:2b849a98eb60da87e8bbc57e64e9fd5b1dd5c1240752f26baf5b78043dd1e3bb
-
pam_ssh_agent_auth-0.10.4-5.45.el9.tuxcare.els1.x86_64.rpm
sha:61f4d3704a444152fc8252a53ae89869d38ae209d64a257fbd16f6fd19039fd4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
