Thank you. I merged this patch into Core Update 192. I don’t think these are that hot for us, but let’s rather be safe than sorry. -Michael > On 19 Feb 2025, at 13:30, Adolf Belka wrote: > > - Update from version 9.9p1 to 9.9p2 > - Update of rootfile not required > - Changelog > 9.9p2 > Security > * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 > (inclusive) contained a logic error that allowed an on-path > attacker (a.k.a MITM) to impersonate any server when the > VerifyHostKeyDNS option is enabled. This option is off by default. > * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 > (inclusive) is vulnerable to a memory/CPU denial-of-service related > to the handling of SSH2_MSG_PING packets. This condition may be > mitigated using the existing PerSourcePenalties feature. > Both vulnerabilities were discovered and demonstrated to be exploitable > by the Qualys Security Advisory team. We thank them for their detailed > review of OpenSSH. > Bugfixes > * ssh(1), sshd(8): fix regression in Match directive that caused > failures when predicates and their arguments were separated by '=' > characters instead of whitespace (bz3739). > * sshd(8): fix the "Match invalid-user" predicate, which was matching > incorrectly in the initial pass of config evaluation. > * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key > exchange on big-endian systems. > * Fix a number of build problems on particular operating systems / > configurations. > > Signed-off-by: Adolf Belka > --- > lfs/openssh | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/openssh b/lfs/openssh > index b1c9a1635..f2165a96d 100644 > --- a/lfs/openssh > +++ b/lfs/openssh > @@ -1,7 +1,7 @@ > ############################################################################### > # # > # IPFire.org - A linux based firewall # > -# Copyright (C) 2007-2024 IPFire Team # > +# Copyright (C) 2007-2025 IPFire Team # > # # > # This program is free software: you can redistribute it and/or modify # > # it under the terms of the GNU General Public License as published by # > @@ -24,7 +24,7 @@ > > include Config > > -VER = 9.9p1 > +VER = 9.9p2 > > THISAPP = openssh-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = 817d267e42b8be74a13e0cfd7999bdb4dab6355c7f62c1a4dd89adad310c5fb7fe3f17109ce1a36cd269a3639c1b8f1d18330c615ab3b419253ec027cfa20997 > +$(DL_FILE)_BLAKE2 = 1b5bc09482b3a807ccfee52c86c6be3c363acf0c8e774862e0ae64f76bfeb4ce7cf29b3ed2f99c04c89bb4977da0cf50a7a175b15bf1d9925de1e03c66f8306d > > install : $(TARGET) > > -- > 2.48.1 >