![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / crypto / external / bsd / openssh / lib
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
merge changes between OpenSSH 9.9 and 10.0
Bring in changes from OpenSSH-9.9p2: Security ======== * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. We thank them for their detailed review of OpenSSH. For OpenBSD, fixes to these problems are available as errata; refer to https://www.openbsd.org/errata.html Bugfixes ======== * ssh(1), sshd(8): fix regression in Match directive that caused failures when predicates and their arguments were separated by '=' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems / configurations.
crypto/external/bsd/openssh libssh: Add expected symbols list. PR lib/58838: shared libraries in base should all have expsym lists