openssh-8.7p1-45.el9.ML.1

エラータID: AXSA:2025-10048:02

Release date: 
Monday, July 14, 2025 - 15:21
Subject: 
openssh-8.7p1-45.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled (CVE-2025-26465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9 Release Notes linked from the References section.

CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Solution: 

Update packages.

CVEs: 
CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Additional Info: 

N/A

Download: 

SRPMS
  1. openssh-8.7p1-45.el9.ML.1.src.rpm
    MD5: 2b582b096d8a0164a7d13f693395f27e
    SHA-256: 849f70c64a84c648423e120512e8ace9d19b3297f16cf88159532d2c594aaaee
    Size: 2.30 MB

Asianux Server 9 for x86_64
  1. openssh-8.7p1-45.el9.ML.1.x86_64.rpm
    MD5: 906eacf1eea4d277413f7c986221c6e6
    SHA-256: 0305e86ddbf4232a6fa11ae823b19a582de97572997b70936bbf64ec11ac9881
    Size: 459.88 kB
  2. openssh-askpass-8.7p1-45.el9.ML.1.x86_64.rpm
    MD5: 26d8c48b34db496d85e16b579e59a16a
    SHA-256: 16518d1bc00452ceb3f8b9bbf19e9f7a1fa7a4acb6a34a23b028bf5aa1f0508d
    Size: 16.90 kB
  3. openssh-clients-8.7p1-45.el9.ML.1.x86_64.rpm
    MD5: d83c2976d7f9597c24924c91c814ffc3
    SHA-256: 8d129bdf4c0179418c8b9c5b2a159728c40e45f6262e841513645c52a3e3cc0f
    Size: 713.45 kB
  4. openssh-keycat-8.7p1-45.el9.ML.1.x86_64.rpm
    MD5: 2fcbe2bd11fbf27ad59f5b800062d39f
    SHA-256: 165f47a1ad6ae48f9185f7b1f92fd0b37ca5714cf4ed653d6f8a41fdeb2815d4
    Size: 18.42 kB
  5. openssh-server-8.7p1-45.el9.ML.1.x86_64.rpm
    MD5: 3ea7939fc62d7084de534f08295998a1
    SHA-256: 7060ecf9fd76a8982726b77967f236565824b9356b699afc15abb6ab6526eed6
    Size: 460.14 kB
  6. pam_ssh_agent_auth-0.10.4-5.45.el9.ML.1.x86_64.rpm
    MD5: bd02818ea47138aaf73d528b55b80a28
    SHA-256: 4831e74892aea03f3c340ed61b0ca78ead3a35cf4339319c5eb4081ee7c3da74
    Size: 65.21 kB