Bug 35202 - openssh new security issues CVE-2025-6198[45]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-03-13 14:53 CET by Nicolas Salguero
Modified: 2026-03-19 19:05 CET

See Also:
Source RPM: openssh-9.3p1-2.5.mga9.src.rpm
CVE: CVE-2025-61984, CVE-2025-61985
Status comment:
herman.viaene: test_passed_mga9_64+


Description Nicolas Salguero 2026-03-13 14:53:48 CET
Ubuntu has issued an advisory on March 12:
https://ubuntu.com/security/notices/USN-8090-1

Nicolas Salguero 2026-03-13 14:54:25 CET

CVE: (none) => CVE-2025-61984, CVE-2025-61985
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => openssh-10.0p1-2.mga10.src.rpm, openssh-9.3p1-2.5.mga9.src.rpm
Flags: (none) => affects_mga9+

Comment 1 Nicolas Salguero 2026-03-13 15:06:20 CET
For Cauldron, openssh-10.0p1-3.mga10 fixes those issues.


Suggested advisory:
========================

The updated packages fix security vulnerabilities:

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (CVE-2025-61984)

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985)

References:
https://ubuntu.com/security/notices/USN-8090-1
========================

Updated packages in core/updates_testing:
========================
openssh-9.3p1-2.6.mga9
openssh-askpass-common-9.3p1-2.6.mga9
openssh-askpass-gnome-9.3p1-2.6.mga9
openssh-clients-9.3p1-2.6.mga9
openssh-keycat-9.3p1-2.6.mga9
openssh-server-9.3p1-2.6.mga9

from SRPM:
openssh-9.3p1-2.6.mga9.src.rpm

Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
Source RPM: openssh-10.0p1-2.mga10.src.rpm, openssh-9.3p1-2.5.mga9.src.rpm => openssh-9.3p1-2.5.mga9.src.rpm
Flags: affects_mga9+ => (none)
Version: Cauldron => 9
Assignee: bugsquad => qa-bugs
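
Added example (not part of the bug report, and not OpenSSH or Mageia code): a pre-flight check for wrapper scripts that hand a user-supplied destination to ssh, plus a scan of ssh_config text for ProxyCommand lines that expand the remote user name. It assumes exposure arises where %r (the ssh_config token for the remote user name) is expanded into a ProxyCommand; the function names, finding labels, host names and sample config are constructed for illustration.

```python
import re
from urllib.parse import unquote

# ssh_config keywords are case-insensitive and may be followed by '=' or spaces.
PROXY_RE = re.compile(r"^\s*ProxyCommand[\s=]+(.*)$", re.IGNORECASE)

def has_control(s):
    """True if s contains an ASCII control character (C0 range or DEL)."""
    return any(ord(c) < 0x20 or ord(c) == 0x7F for c in s)

def check_target(target):
    """Return findings for a 'user@host' argument or an ssh:// URI."""
    findings = []
    if target.lower().startswith("ssh://"):
        rest = target[6:]
        # CVE-2025-61985 class: NUL anywhere in the URI once percent-decoded.
        if "\x00" in unquote(rest):
            findings.append("nul-in-uri")
        authority = rest.split("/", 1)[0]
        # Split on '@' before decoding so an encoded %40 is not a separator.
        user = unquote(authority.rpartition("@")[0])
    else:
        user = target.rpartition("@")[0]
    # CVE-2025-61984 class: control characters in the user name.
    if has_control(user):
        findings.append("control-char-in-user")
    return findings

def proxycommand_user_lines(config_text):
    """Line numbers of ProxyCommand directives that expand %r."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = PROXY_RE.match(line)
        # findall consumes '%%' as one token, so a literal '%%r' is not a hit.
        if m and "r" in re.findall(r"%(.)", m.group(1)):
            hits.append(n)
    return hits

# Constructed sample config, not taken from any system in this report.
SAMPLE_CONFIG = """\
Host internal-*
    ProxyCommand ssh -W %h:%p %r@bastion.example
Host legacy
    proxycommand=nc %h %p
Host literal
    ProxyCommand echo %%r %h
"""

if __name__ == "__main__":
    print(check_target("ssh://al%0Aice@build01.example"))
    print(proxycommand_user_lines(SAMPLE_CONFIG))
```
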

PC LX 2026-03-13 15:16:47 CET

CC: (none) => mageia

Comment 2 katnatek 2026-03-14 02:08:59 CET
RH x86_64

Install with other updates

installing //home/katnatek/qa-testing/x86_64/openssh-clients-9.3p1-2.6.mga9.x86_64.rpm                                               
/var/cache/urpmi/rpms/vim-common-9.2.140-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/openssh-askpass-gnome-9.3p1-2.6.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/openssh-9.3p1-2.6.mga9.x86_64.rpm
/var/cache/urpmi/rpms/vim-minimal-9.2.140-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/openssh-server-9.3p1-2.6.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/openssh-askpass-common-9.3p1-2.6.mga9.x86_64.rpm
/var/cache/urpmi/rpms/vim-enhanced-9.2.140-1.mga9.x86_64.rpm
Preparing...                     ###################################################################################################
      1/8: openssh               ###################################################################################################
      2/8: openssh-clients       ###################################################################################################
      3/8: openssh-askpass-common
                                 ###################################################################################################
      4/8: vim-common            ###################################################################################################
      5/8: vim-enhanced          ###################################################################################################
      6/8: openssh-askpass-gnome ###################################################################################################
      7/8: openssh-server        ###################################################################################################
      8/8: vim-minimal           ###################################################################################################
      1/8: removing openssh-server-9.3p1-2.5.mga9.x86_64
                                 ###################################################################################################
      2/8: removing openssh-askpass-gnome-9.3p1-2.5.mga9.x86_64
                                 ###################################################################################################
      3/8: removing openssh-clients-9.3p1-2.5.mga9.x86_64
                                 ###################################################################################################
      4/8: removing vim-enhanced-9.2.106-1.mga9.x86_64
                                 ###################################################################################################
      5/8: removing openssh-askpass-common-9.3p1-2.5.mga9.x86_64
                                 ###################################################################################################
      6/8: removing vim-common-9.2.106-1.mga9.x86_64
                                 ###################################################################################################
      7/8: removing openssh-9.3p1-2.5.mga9.x86_64
                                 ###################################################################################################
      8/8: removing vim-minimal-9.2.106-1.mga9.x86_64
                                 ###################################################################################################

systemctl restart sshd.service
systemctl status sshd.service 
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
     Active: active (running) since Fri 2026-03-13 19:04:41 CST; 24s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 115053 (sshd)
      Tasks: 1 (limit: 6808)
     Memory: 1.3M
        CPU: 38ms
     CGroup: /system.slice/sshd.service
             └─115053 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

mar 13 19:04:41 jgrey.phoenix systemd[1]: Starting sshd.service...
mar 13 19:04:41 jgrey.phoenix sshd[115053]: Server listening on 0.0.0.0 port 22.
mar 13 19:04:41 jgrey.phoenix systemd[1]: Started sshd.service.


Connect from my system to remote system OK
Connect from remote system to my system OK

Looks good to me

katnatek 2026-03-14 03:29:19 CET

Keywords: (none) => advisory

Comment 3 Herman Viaene 2026-03-14 15:54:21 CET
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Ref bugs 34036 and 34224
# systemctl start sshd
# systemctl -l status sshd
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
     Active: active (running) since Sat 2026-03-14 15:31:10 CET; 3s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 26190 (sshd)
      Tasks: 1 (limit: 8805)
     Memory: 1.3M
        CPU: 144ms
     CGroup: /system.slice/sshd.service
             └─26190 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Mar 14 15:31:10 mach3.hviaene.thuis systemd[1]: Starting sshd.service...
Mar 14 15:31:10 mach3.hviaene.thuis systemd[1]: Started sshd.service.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tester9/.ssh/id_rsa): 
/home/tester9/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/tester9/.ssh/id_rsa
Your public key has been saved in /home/tester9/.ssh/id_rsa.pub
The key fingerprint is:
shows key info
$ ssh-copy-id -i ~/.ssh/id_rsa.pub herman@mach1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/tester9/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
(herman@mach1) Password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'herman@mach1'"
and check to make sure that only the key(s) you wanted were added.
$ ssh herman@mach1
Enter passphrase for key '/home/tester9/.ssh/id_rsa': 
Last login: Thu May  1 11:58:49 2025 from 192.168.2.3
[herman@mach1 ~]$ cd Documenten/
[herman@mach1 Documenten]$ ls
shows the contents of the remote desktop

CC: (none) => herman.viaene

Comment 4 PC LX 2026-03-16 15:27:16 CET
Installed and tested for 3 days without issues.

Tested:
- as client, and server;
- multiple machines, VMs, and containers;
- x86_64 (Intel and AMD) and ARM aarch64;
- systemd socket activated;
- TCP port and unix socket forwarding;
- X11 forwarding;
- key authentication;
- proxy SOCKS5;
- through ansible, rsync, sshfs, scp, sftp.
All OK.



$ uname -a
Linux jupiter 6.6.120-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Jan 14 01:59:53 UTC 2026 x86_64 GNU/Linux
$ rpm -qa | grep openssh | sort
lxqt-openssh-askpass-1.4.0-1.mga9
openssh-9.3p1-2.6.mga9
openssh-askpass-common-9.3p1-2.6.mga9
openssh-askpass-qt5-2.1.0-10.mga9
openssh-clients-9.3p1-2.6.mga9
openssh-server-9.3p1-2.6.mga9
$ systemctl status sshd.socket
● sshd.socket - OpenSSH Server Socket
     Loaded: loaded (/usr/lib/systemd/system/sshd.socket; enabled; preset: disabled)
     Active: active (listening) since Mon 2026-03-16 09:43:41 WET; 4h 41min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
     Listen: [::]:22 (Stream)
   Accepted: 534; Connected: 0;
      Tasks: 0 (limit: 37586)
     Memory: 4.0K
        CPU: 328ms
     CGroup: /system.slice/sshd.socket

mar 16 09:43:41 jupiter systemd[1]: Listening on sshd.socket.

Comment 5 Herman Viaene 2026-03-19 10:15:55 CET
Looks OK in all tests.

Whiteboard: (none) => MGA9-64-OK
Flags: (none) => test_passed_mga9_64+

Comment 6 Thomas Andrews 2026-03-19 15:01:52 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 7 Mageia Robot 2026-03-19 19:05:39 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0059.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

