[BSA-130] Security Update for openssh

To: debian-backports-announce@lists.debian.org
Subject: [BSA-130] Security Update for openssh
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 9 Apr 2026 22:03:58 +0100
Message-id: <[🔎] adgUPoJb_0EdYWVz@riva.ucam.org>
Mail-followup-to: debian-backports@lists.debian.org

Colin Watson uploaded new packages for openssh which fixed the followingsecurity problems:


CVE-2026-3497 (DSA-6204-1)
  Jeremy Brown discovered a flaw in the GSSAPI Key Exchange patch
  applied in Debian to OpenSSH, an implementation of the SSH
  protocol suite, affecting non-default configurations with the
  GSSAPIKeyExchange setting enabled. A remote attacker can take
  advantage of this flaw to cause a denial of service, or
  potentially the execution of arbitrary code.

  https://security-tracker.debian.org/tracker/CVE-2026-3497

For the trixie-backports distribution, the problem has been fixed inversion 1:10.2p1-6~bpo13+1.


--
Colin Watson (he/him)                              [cjwatson@debian.org]

Attachment: signature.asc
Description: PGP signature

Reply to:

Next by Date: [BSA-131] Security Update for flatpak
Next by thread: [BSA-131] Security Update for flatpak
Index(es):
- Date
- Thread