Mageia Advisory: MGASA-2026-0059 - Updated openssh packages fix security vulnerabilities

Updated openssh packages fix security vulnerabilities

Publication date: 19 Mar 2026
Modification date: 19 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-61984 , CVE-2025-61985

Description

ssh in OpenSSH before 10.1 allows control characters in usernames that
originate from certain possibly untrusted sources, potentially leading
to code execution when a ProxyCommand is used. The untrusted sources are
the command line and %-sequence expansion of a configuration file.
(CVE-2025-61984)
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI,
potentially leading to code execution when a ProxyCommand is used.
(CVE-2025-61985)

References

https://bugs.mageia.org/show_bug.cgi?id=35202
https://ubuntu.com/security/notices/USN-8090-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985

SRPMS

9/core

openssh-9.3p1-2.6.mga9

Advisories » MGASA-2026-0059

Updated openssh packages fix security vulnerabilities

Description

References

SRPMS

9/core