-------------------------------------------------------------------------
Debian Security Advisory DSA-6204-1                      [email protected]
https://www.debian.org/security/                     Salvatore Bonaccorso
April 09, 2026                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openssh
CVE ID         : CVE-2026-3497
Debian Bug     : 1130595

Jeremy Brown discovered a flaw in the GSSAPI Key Exchange patch applied
in Debian to OpenSSH, an implementation of the SSH protocol suite,
affecting non-default configurations with the GSSAPIKeyExchange setting
enabled. A remote attacker can take advantage of this flaw to cause a
denial of service, or potentially the execution of arbitrary code.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1:9.2p1-2+deb12u9. This update includes fixes for
CVE-2025-61984 and CVE-2025-61985 which were queued for the Debian
bookworm 12.14 point release.

For the stable distribution (trixie), this problem has been fixed in
version 1:10.0p1-7+deb13u2.

We recommend that you upgrade your openssh packages.

For the detailed security status of openssh please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

