Security update for openssh SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:21128-1 Final 1 1 2025-11-28T07:46:20Z current 2025-11-28T07:46:20Z 2025-11-28T07:46:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openssh This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198). - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SL-Micro-6.2-81 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202521128-1/ Link for SUSE-SU-2025:21128-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023496.html E-Mail link for SUSE-SU-2025:21128-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1251198 SUSE Bug 1251198 https://bugzilla.suse.com/1251199 SUSE Bug 1251199 https://www.suse.com/security/cve/CVE-2025-61984/ SUSE CVE CVE-2025-61984 page https://www.suse.com/security/cve/CVE-2025-61985/ SUSE CVE CVE-2025-61985 page SUSE Linux Micro 6.2 openssh-10.0p2-160000.3.1 openssh-clients-10.0p2-160000.3.1 openssh-common-10.0p2-160000.3.1 openssh-server-10.0p2-160000.3.1 openssh-server-config-rootlogin-10.0p2-160000.3.1 openssh-10.0p2-160000.3.1 as a component of SUSE Linux Micro 6.2 openssh-clients-10.0p2-160000.3.1 as a component of SUSE Linux Micro 6.2 openssh-common-10.0p2-160000.3.1 as a component of SUSE Linux Micro 6.2 openssh-server-10.0p2-160000.3.1 as a component of SUSE Linux Micro 6.2 openssh-server-config-rootlogin-10.0p2-160000.3.1 as a component of SUSE Linux Micro 6.2 ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) CVE-2025-61984 SUSE Linux Micro 6.2:openssh-10.0p2-160000.3.1 SUSE Linux Micro 6.2:openssh-clients-10.0p2-160000.3.1 SUSE Linux Micro 6.2:openssh-common-10.0p2-160000.3.1 SUSE Linux Micro 6.2:openssh-server-10.0p2-160000.3.1 SUSE Linux Micro 6.2:openssh-server-config-rootlogin-10.0p2-160000.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202521128-1/ https://www.suse.com/security/cve/CVE-2025-61984.html CVE-2025-61984 https://bugzilla.suse.com/1251198 SUSE Bug 1251198 ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. CVE-2025-61985 SUSE Linux Micro 6.2:openssh-10.0p2-160000.3.1 SUSE Linux Micro 6.2:openssh-clients-10.0p2-160000.3.1 SUSE Linux Micro 6.2:openssh-common-10.0p2-160000.3.1 SUSE Linux Micro 6.2:openssh-server-10.0p2-160000.3.1 SUSE Linux Micro 6.2:openssh-server-config-rootlogin-10.0p2-160000.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202521128-1/ https://www.suse.com/security/cve/CVE-2025-61985.html CVE-2025-61985 https://bugzilla.suse.com/1251199 SUSE Bug 1251199