openssh-8.7p1-48.el9_7.ML.1

エラータID: AXSA:2026-410:02

Release date: 
Tuesday, April 7, 2026 - 16:29
Subject: 
openssh-8.7p1-48.el9_7.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.

Solution: 

Update packages.

CVEs: 
CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.
Additional Info: 

N/A

Download: 

SRPMS
  1. openssh-8.7p1-48.el9_7.ML.1.src.rpm
    MD5: 3899ddba5595ecab620e2e0409ef9cb1
    SHA-256: 6d74f83f3bff5f51c7fdec78ce50761d42ae3d13786198b31cb41a9d5c54256a
    Size: 2.30 MB

Asianux Server 9 for x86_64
  1. openssh-8.7p1-48.el9_7.ML.1.x86_64.rpm
    MD5: 8743e75fcde97077746d46bdd40ea2e5
    SHA-256: e048ff08410f54159c6055cfd530ba6034d98db7b0bc119f939a874210aa22e7
    Size: 459.92 kB
  2. openssh-askpass-8.7p1-48.el9_7.ML.1.x86_64.rpm
    MD5: cf42572d543f9b7b82905f0ac8d6426a
    SHA-256: 2e02cdc9baf24b106a8846ce5f0ebae34230431734f618842869b7ea5db85214
    Size: 16.63 kB
  3. openssh-clients-8.7p1-48.el9_7.ML.1.x86_64.rpm
    MD5: 36b6c72af2918d3aadbe19ed300fb41b
    SHA-256: 6839e2bf8458d925b68dd41dc5c400f8c1e33b2f3e7023b6c137ed7aa0ae429e
    Size: 712.51 kB
  4. openssh-keycat-8.7p1-48.el9_7.ML.1.x86_64.rpm
    MD5: de37d856a767e72f27ba42ddcc112244
    SHA-256: c6c2baabd5b0becfbff369fcf0eab7841a7ee5f22e635d231cfd8ae82c0ca74c
    Size: 18.07 kB
  5. openssh-server-8.7p1-48.el9_7.ML.1.x86_64.rpm
    MD5: 57afeb8b10b3c59c238ceffd100e7393
    SHA-256: 5f197da4676a50430adb00c6c09488577bf926bb791a5c0f48990a5d4f3fe2ce
    Size: 460.17 kB
  6. pam_ssh_agent_auth-0.10.4-5.48.el9_7.ML.1.x86_64.rpm
    MD5: 2ee0cab88c48cce5f8794ac4c29fcae0
    SHA-256: 1cfee9203ce7d04082bb2c1e090dfb0aeabc27951b5098c4fad3d43261958d7c
    Size: 64.96 kB