Alert GCSA-25026 - Security update for OpenSSH

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

******************************************************************

alert ID: GCSA-25026
date: 20 February 2025
title: Security update for OpenSSH

******************************************************************

:: Problem description

A new version of OpenSSH has been released, fixing some functional bugs
and two security vulnerabilities.

More information is available in the "References" section.


:: Affected software

OpenSSH versions 6.8p1 through 9.9p1 inclusive


:: Impact

Denial of Service (DoS)
Spoofing - machine-in-the-middle (MitM)


:: Solutions

Update OpenSSH to the latest version (9.9p2)
through your operating system's upgrades,
or by downloading the software from the following link
https://www.openssh.com
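
As an added example (not part of the GARR CERT alert), the POSIX shell function below classifies an "ssh -V" style banner against the affected range stated above. It compares the upstream version string only, so a hit on a distribution package should be checked against the vendor notices under References, since a fix may be backported without changing that string. The function name, result labels and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSH banner against the alert's range
# (6.8p1 through 9.9p1 inclusive, fixed in 9.9p2). Upstream version only;
# vendor backports are not visible in the banner.

classify_openssh() {
    v=${1#OpenSSH_}
    [ "$v" != "$1" ] || { echo unknown; return 0; }   # not an OpenSSH banner
    v=${v#for_Windows_}      # Windows builds report OpenSSH_for_Windows_X.YpZ
    v=${v%%[ ,]*}            # drop vendor suffix and ", OpenSSL ..." part
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%p*}
    case $rest in
        *p*) patch=${rest#*p}; patch=${patch%%[!0-9]*} ;;
        *)   echo unknown; return 0 ;;   # no portable "pN" level to compare
    esac
    for n in "$major" "$minor" "$patch"; do
        # reject empty, non-numeric, or zero-padded fields (octal in $(( )))
        case $n in ''|*[!0-9]*|0?*) echo unknown; return 0 ;; esac
    done
    key=$(( major * 10000 + minor * 100 + patch ))
    if [ "$key" -lt 60801 ]; then
        echo older-than-range
    elif [ "$key" -le 90901 ]; then
        echo in-affected-range
    else
        echo fixed-or-newer
    fi
}

# Constructed sample banners, one per line.
samples='OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024
OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.1t  3 May 2016
OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2'

printf '%s\n' "$samples" | while IFS= read -r banner; do
    printf '%-18s %s\n' "$(classify_openssh "$banner")" "$banner"
done

# Local client, if one is installed (ssh -V writes its banner to stderr).
if command -v ssh >/dev/null 2>&1; then
    printf 'local ssh: %s\n' "$(classify_openssh "$(ssh -V 2>&1)")"
fi
```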


:: References

OpenSSH Security Advisory
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-9.9p2
https://www.openssh.com/releasenotes.html

Qualys Security Advisory
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt

SecurityWeek
https://www.securityweek.com/openssh-patches-vulnerabilities-allowing-mitm-dos-attacks/

The Hacker News
https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html

Debian Linux
https://lists.debian.org/debian-security-announce/2025/msg00030.html
https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html

Ubuntu security notices
https://ubuntu.com/security/notices/USN-7270-1
https://ubuntu.com/security/notices/USN-7270-2

Red Hat
https://access.redhat.com/security/cve/CVE-2025-26465
https://access.redhat.com/security/cve/CVE-2025-26466

SUSE Security update
https://www.suse.com/support/update/announcement/2025/suse-su-20250585-1

Mitre's CVE ID
https://www.cve.org/CVERecord?id=CVE-2025-26465
https://www.cve.org/CVERecord?id=CVE-2025-26466


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ7cDNQ0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCOfEAn2oJ0WcECKIik2sAzkRY/df82xrRAJ9Qq85TI2XH
5SPOHzZersjbeG7Ovg==
=7ct8
-----END PGP SIGNATURE-----