MGASA-2026-0059

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0059.html

Import Source

https://advisories.mageia.org/MGASA-2026-0059.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0059

Related

CVE-2025-61984
CVE-2025-61985

Published

2026-03-19T18:04:37Z

Modified

2026-03-19T18:15:07.086523Z

Summary

Updated openssh packages fix security vulnerabilities

Details

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (CVE-2025-61984) ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / openssh

Package

Name: openssh
Purl: pkg:rpm/mageia/openssh?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.3p1-2.6.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0059.json"