-
@ ch0k1
2025-02-19 01:02:58
OpenSSH bugs threaten enterprise security, uptime
https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.
Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow miscreants to perform machine-in-the-middle (MitM) attacks on the OpenSSH client and pre-authentication denial-of-service (DoS) attacks.
Patches for CVE-2025-26465 and CVE-2025-26466 were released this morning. Although their respective severity scores (6.8 and 5.9) don't necessarily scream "patch me right away" – it certainly doesn't seem as bad as last year's regreSSHion issue – they're both likely to raise some degree of concern given the tool's prominence.
originally posted at https://stacker.news/items/890119