UbuntuUpdates.org

Package "openssh-server"

Name: openssh-server

Description:

secure shell (SSH) server, for secure access from remote machines
Latest version: 1:9.6p1-3ubuntu13.15
Release: noble (24.04)
Level: updates
Repository: main
Head package: openssh
Homepage: https://www.openssh.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "openssh-server"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "openssh-server" in Noble

Repository Area Version
base main 1:9.6p1-3ubuntu13
security main 1:9.6p1-3ubuntu13.15

Changelog

Version: 1:9.6p1-3ubuntu13.15 2026-03-13 12:08:04 UTC

  openssh (1:9.6p1-3ubuntu13.15) noble-security; urgency=medium

  * SECURITY UPDATE: GSSAPI Key Exchange issue
    - debian/patches/gssapi.patch: replace incorrect use of
      sshpkt_disconnect() with ssh_packet_disconnect() and properly
      initialize some vars.
    - CVE-2026-3497
  * SECURITY UPDATE: Untrusted control characters in usernames
    - debian/patches/CVE-2025-61984.patch: refuse usernames that include
      control characters in ssh.c.
    - CVE-2025-61984
  * SECURITY UPDATE: Code execution in ProxyCommand via NULL character
    - debian/patches/CVE-2025-61985.patch: don't allow \0 characters in
      url-encoded strings in misc.c.
    - CVE-2025-61985

 -- Marc Deslauriers <email address hidden> Wed, 04 Mar 2026 12:55:04 -0500
Source diff to previous version
CVE-2026-3497 Vulnerability in the OpenSSH GSSAPI delta included in various Linux di ...
CVE-2025-61984 ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code
CVE-2025-61985 ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

Version: 1:9.6p1-3ubuntu13.14 2025-09-09 12:07:10 UTC

  openssh (1:9.6p1-3ubuntu13.14) noble; urgency=medium

  * d/p/systemd-socket-activation.patch: allow AF_VSOCK sockets (LP: #2111226)

 -- Nick Rosbrook <email address hidden> Tue, 26 Aug 2025 09:49:17 -0400
Source diff to previous version
2111226 sshd socket activation does not support AF_VSOCK

Version: 1:9.6p1-3ubuntu13.13 2025-07-24 16:06:55 UTC

  openssh (1:9.6p1-3ubuntu13.13) noble; urgency=medium

  * Explicitly listen on IPv4 by default, with socket-activated sshd
    (LP: #2080216)
    - d/systemd/ssh.socket: explicitly listen on ipv4 by default
    - d/t/sshd-socket-generator: update for new defaults and AddressFamily
    - sshd-socket-generator: handle new ssh.socket default settings

 -- Nick Rosbrook <email address hidden> Mon, 09 Jun 2025 13:22:39 -0400
Source diff to previous version
2080216 sshd cannot bind to IPv4 interfaces

Version: 1:9.6p1-3ubuntu13.12 2025-06-05 22:07:31 UTC

  openssh (1:9.6p1-3ubuntu13.12) noble; urgency=medium

  * d/p/sshd-socket-generator.patch: add note to sshd_config
    Explain that a systemctl daemon-reload is needed for changes
    to Port et al to take effect.
    (LP: #2069041)

 -- Nick Rosbrook <email address hidden> Tue, 29 Apr 2025 10:57:04 -0400
Source diff to previous version
2069041 Changing Port in sshd_config requires calling systemctl daemon-reload

Version: 1:9.6p1-3ubuntu13.11 2025-04-24 17:07:41 UTC

  openssh (1:9.6p1-3ubuntu13.11) noble-security; urgency=medium

  * SECURITY UPDATE: incorrect DisableForwarding directive behaviour
    - debian/patches/CVE-2025-32728.patch: fix logic error in session.c.
    - CVE-2025-32728

 -- Marc Deslauriers <email address hidden> Tue, 22 Apr 2025 07:51:46 -0400
CVE-2025-32728 In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwardin


About   -   Send Feedback to @ubuntu_updates