UbuntuUpdates.org

Package "openssh-client"

Name: openssh-client

Description:

secure shell (SSH) client, for secure access to remote machines
Latest version: 1:10.0p1-5ubuntu5.1
Release: questing (25.10)
Level: security
Repository: main
Head package: openssh
Homepage: https://www.openssh.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "openssh-client"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "openssh-client" in Questing

Repository Area Version
base main 1:10.0p1-5ubuntu5
updates main 1:10.0p1-5ubuntu5.1

Changelog

Version: 1:10.0p1-5ubuntu5.1 2026-03-12 23:10:17 UTC

  openssh (1:10.0p1-5ubuntu5.1) questing-security; urgency=medium

  * SECURITY UPDATE: GSSAPI Key Exchange issue
    - debian/patches/gssapi.patch: replace incorrect use of
      sshpkt_disconnect() with ssh_packet_disconnect() and properly
      initialize some vars.
    - CVE-2026-3497
  * SECURITY UPDATE: Untrusted control characters in usernames
    - debian/patches/CVE-2025-61984.patch: Improve rules for %-expansion of
      username in ssh.c.
    - CVE-2025-61984
  * SECURITY UPDATE: Code execution in ProxyCommand via NULL character
    - debian/patches/CVE-2025-61985.patch: don't allow \0 characters in
      url-encoded strings in misc.c.
    - CVE-2025-61985

 -- Marc Deslauriers <email address hidden> Wed, 04 Mar 2026 12:55:04 -0500
CVE-2026-3497 Vulnerability in the OpenSSH GSSAPI delta included in various Linux di ...
CVE-2025-61984 ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code
CVE-2025-61985 ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.


About   -   Send Feedback to @ubuntu_updates