ALSA-2025:23480

[ALSA-2025:23480] Moderate: openssh security update

Type:

security

Severity:

moderate

Release date:

2025-12-21

Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.  

Security Fix(es):  

  * openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand (CVE-2025-61984)
  * openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand (CVE-2025-61985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	openssh-8.7p1-47.el9_7.alma.1.aarch64.rpm	10c2f89e61f7722df12c6652ca665994035509643a7c5796bb0dcacf96f7fe99
aarch64	openssh-server-8.7p1-47.el9_7.alma.1.aarch64.rpm	248151aa4008056d3b64ae541d38ecfa778e60d86ca5096265b712bd895966d5
aarch64	openssh-keycat-8.7p1-47.el9_7.alma.1.aarch64.rpm	2c91f9c291c38783ac2ccb781a607171bc0d9c01546361770ca1528f38f920bf
aarch64	pam_ssh_agent_auth-0.10.4-5.47.el9_7.alma.1.aarch64.rpm	751e0d87b6c7af759900e10e354069349a6e10a434f8da4caed281e29cabed4b
aarch64	openssh-askpass-8.7p1-47.el9_7.alma.1.aarch64.rpm	991f78adc047ad2a71a33e799a65e249e66a28049ff15bfcbee76e3f22b6af8a
aarch64	openssh-clients-8.7p1-47.el9_7.alma.1.aarch64.rpm	e3b940430626f17be50206fbb56ee4c01f7736e3ce2504368dfffeda82ac826f
ppc64le	openssh-askpass-8.7p1-47.el9_7.alma.1.ppc64le.rpm	25bada5317690502c7d1c8fa948a738bb9dd03f847f1ffdf0baea12488ffa33d
ppc64le	openssh-8.7p1-47.el9_7.alma.1.ppc64le.rpm	72163e9fabcb532b87d9c6736bea16828241af994835139fbaf36eca0227067b
ppc64le	openssh-keycat-8.7p1-47.el9_7.alma.1.ppc64le.rpm	7aa526661584b50ce051ab57d96049d139f1e7510d4fbbeba2c0af565a690689
ppc64le	pam_ssh_agent_auth-0.10.4-5.47.el9_7.alma.1.ppc64le.rpm	cd3f795c285d1825364dea8febad0a490837505505806c0e339bdd478108ff60
ppc64le	openssh-clients-8.7p1-47.el9_7.alma.1.ppc64le.rpm	cdd4bd6d8e22aacafe680d3e2201cc313becc36dd0be96d25108645e94294d25
ppc64le	openssh-server-8.7p1-47.el9_7.alma.1.ppc64le.rpm	f87cc9fdad0fe3045d102942e2611b8ab952af311a4d242bf7a34eb3f1a17648
s390x	openssh-clients-8.7p1-47.el9_7.alma.1.s390x.rpm	20eeb133d08e2697f3924d9d69d0af77187547cef783b6a98891105931a204c1
s390x	openssh-keycat-8.7p1-47.el9_7.alma.1.s390x.rpm	90c896d45b19675c8ca98508e7c6f9ca64679b1a982268e80f41ca3fb9fccd99
s390x	openssh-server-8.7p1-47.el9_7.alma.1.s390x.rpm	94f7574782d0d57f1001fe1e1e7ba8fa8b69976df2feb8d81eed745eac0de073
s390x	pam_ssh_agent_auth-0.10.4-5.47.el9_7.alma.1.s390x.rpm	aa4433f46d9e31efcd7df4a6f3678a4b64d6ee74f95d7b8108e7af7849428c75
s390x	openssh-askpass-8.7p1-47.el9_7.alma.1.s390x.rpm	c44c256238f81b8585231fc3e031b3d9da8c66c7e22f2af70a1e51a94fcccd66
s390x	openssh-8.7p1-47.el9_7.alma.1.s390x.rpm	c5f841567f702d14c4a0bce279768df2f44e8093aca717ba3445160cde49f8f8
x86_64	openssh-clients-8.7p1-47.el9_7.alma.1.x86_64.rpm	4079a93663ff0c84fd4cd0a58e2800dc98cb8472d7c27171003361444439a5d3
x86_64	pam_ssh_agent_auth-0.10.4-5.47.el9_7.alma.1.x86_64.rpm	68c9ecaaf7acf092dd9ec7d129bc196c6017c5a6a78d678335c2f73e63d99250
x86_64	openssh-server-8.7p1-47.el9_7.alma.1.x86_64.rpm	6e7258de3f85a090cddf8721e5150785a051732b841a19acad23afe3a8e432b6
x86_64	openssh-askpass-8.7p1-47.el9_7.alma.1.x86_64.rpm	79738b45306e8f991ce2b79f9532fb4d5052675f3cfa9ef7bc40aff075ee4861
x86_64	openssh-8.7p1-47.el9_7.alma.1.x86_64.rpm	c5b061e03b85461aa07b9ac92990d43cf573108838cf7b054a8cefd86a73ae26
x86_64	openssh-keycat-8.7p1-47.el9_7.alma.1.x86_64.rpm	e6858ceb81b02e7c3625364a31de117b5a7fdce11c926dc44472552c7707c746

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.