- Issued:
- 2025-09-25
- Updated:
- 2025-09-25
RHSA-2025:16823 - Security Advisory
Synopsis
Moderate: openssh security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for openssh is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
- openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled (CVE-2025-26465)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2344780 - CVE-2025-26465 openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| openssh-8.0p1-26.el8_10.src.rpm | SHA-256: 6e57f4362f3a24fee218e9a9eb15ee4e838da5b52ce331c76b2c7c7722f228d3 |
| x86_64 | |
| openssh-8.0p1-26.el8_10.x86_64.rpm | SHA-256: b489b3736df71503ca20b3f510e546f5d723bcb919994d54e8e8179956ca58ac |
| openssh-askpass-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 3571ba44881c912ffa80fd6d5ef6407d4bc962f34245bb36406f5d8a30544b17 |
| openssh-askpass-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: c1a5543d9eb2928113c008e83bc98366a2c754c6d2e9a5ea58da1f8b50443a7c |
| openssh-askpass-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: c1a5543d9eb2928113c008e83bc98366a2c754c6d2e9a5ea58da1f8b50443a7c |
| openssh-cavs-8.0p1-26.el8_10.x86_64.rpm | SHA-256: b4d0ee3f63e0e963e62da2ac2c2acadd8b310c2e7767795f9ff373832335461f |
| openssh-cavs-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 465bd2d274e47fa645acc0f924fd6dd9d0920fabd15da642b20178e48876b135 |
| openssh-cavs-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 465bd2d274e47fa645acc0f924fd6dd9d0920fabd15da642b20178e48876b135 |
| openssh-clients-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 14bb4b83e3e8cb25945063c06c396058453f2273b4b9079606dfa3f9f517ea08 |
| openssh-clients-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 8aa9e3ef3944639276e5ecc827fc63d61ebdbbdd168d5590fdac58dc24478557 |
| openssh-clients-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 8aa9e3ef3944639276e5ecc827fc63d61ebdbbdd168d5590fdac58dc24478557 |
| openssh-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 4ecfe7364bf310ce3750814421b44ec9cefde17abde4de0c1f9ca331b26e93c3 |
| openssh-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 4ecfe7364bf310ce3750814421b44ec9cefde17abde4de0c1f9ca331b26e93c3 |
| openssh-debugsource-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 549924fedcaaa8408eb2901154792495142c7e2769f0fecc3d7dbd538a1bcc38 |
| openssh-debugsource-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 549924fedcaaa8408eb2901154792495142c7e2769f0fecc3d7dbd538a1bcc38 |
| openssh-keycat-8.0p1-26.el8_10.x86_64.rpm | SHA-256: f920c9f982d49865e975585c7453df606e5b6d75f897084f462bd28825bd9127 |
| openssh-keycat-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 3bc86a43e826a75955edaf29ff70002a7566c996f8d3fe78887fbe8474c04bf9 |
| openssh-keycat-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 3bc86a43e826a75955edaf29ff70002a7566c996f8d3fe78887fbe8474c04bf9 |
| openssh-ldap-8.0p1-26.el8_10.x86_64.rpm | SHA-256: 2e9c3864cd9b3e3df5f54087dfc7661fdaa9fefdfd092c9f5708ca1f3ba0296f |
| openssh-ldap-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: a5415fba517d0366636b996f61c78b75ddf62c9e0a44b1c158ac821d7af0eb6c |
| openssh-ldap-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: a5415fba517d0366636b996f61c78b75ddf62c9e0a44b1c158ac821d7af0eb6c |
| openssh-server-8.0p1-26.el8_10.x86_64.rpm | SHA-256: e8e6a2eb7cef4bd24839df161d61aea74ab117f8c2d11f38ca4a4171c5aef314 |
| openssh-server-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: bbcb6546d58ed1d3d8b1026cf9c04a38759af0fd4f083e1d6091623369f5fcda |
| openssh-server-debuginfo-8.0p1-26.el8_10.x86_64.rpm | SHA-256: bbcb6546d58ed1d3d8b1026cf9c04a38759af0fd4f083e1d6091623369f5fcda |
| pam_ssh_agent_auth-0.10.3-7.26.el8_10.x86_64.rpm | SHA-256: 510e42e27f9ec75cd2a84c764c9dec839d19d61ff5fedfaee51042558545911b |
| pam_ssh_agent_auth-debuginfo-0.10.3-7.26.el8_10.x86_64.rpm | SHA-256: 8ba32d41c20c74c667c1672795e470d94feaec0161ffa4f4b567490b5bed741a |
| pam_ssh_agent_auth-debuginfo-0.10.3-7.26.el8_10.x86_64.rpm | SHA-256: 8ba32d41c20c74c667c1672795e470d94feaec0161ffa4f4b567490b5bed741a |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| openssh-8.0p1-26.el8_10.src.rpm | SHA-256: 6e57f4362f3a24fee218e9a9eb15ee4e838da5b52ce331c76b2c7c7722f228d3 |
| s390x | |
| openssh-8.0p1-26.el8_10.s390x.rpm | SHA-256: ba3d00e669aff2209202b28171257e6188c061fd3da01d2855599acd8a9d7633 |
| openssh-askpass-8.0p1-26.el8_10.s390x.rpm | SHA-256: c75e03633b65b5cbf9f2ad9b56c41d716bc0f15a37d1165929eb57dc396b06a2 |
| openssh-askpass-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 858156214b282f5fc8c027a538fa9d59009daed64304a426ef80071edfd65b5d |
| openssh-askpass-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 858156214b282f5fc8c027a538fa9d59009daed64304a426ef80071edfd65b5d |
| openssh-cavs-8.0p1-26.el8_10.s390x.rpm | SHA-256: 86053f0519a0887aa65aed8897c9b533de1d091962ecd188099388fe0d75d3f6 |
| openssh-cavs-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 3ec5f0671cc22a0b4a482d3427ac80e6814e3b7bbe58d7edd834fcb7c88c5dc3 |
| openssh-cavs-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 3ec5f0671cc22a0b4a482d3427ac80e6814e3b7bbe58d7edd834fcb7c88c5dc3 |
| openssh-clients-8.0p1-26.el8_10.s390x.rpm | SHA-256: e1c82a2e3e6fcde0710edc1186e8332a534b5589dce979397b31dbbfe0d33ed2 |
| openssh-clients-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 5b686774cf99a32e1f312a2411df30e80e3bdda4de0e7b9126b5298410d9a129 |
| openssh-clients-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 5b686774cf99a32e1f312a2411df30e80e3bdda4de0e7b9126b5298410d9a129 |
| openssh-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 867506fc386df60f33a73ebb875c6f7cbc0c0f43e3d40fd5ecc1fc9a6301dc1e |
| openssh-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 867506fc386df60f33a73ebb875c6f7cbc0c0f43e3d40fd5ecc1fc9a6301dc1e |
| openssh-debugsource-8.0p1-26.el8_10.s390x.rpm | SHA-256: 51ee05a56cc2dee0d1b171bda629681806475d20304635ebe5b0612b953586ec |
| openssh-debugsource-8.0p1-26.el8_10.s390x.rpm | SHA-256: 51ee05a56cc2dee0d1b171bda629681806475d20304635ebe5b0612b953586ec |
| openssh-keycat-8.0p1-26.el8_10.s390x.rpm | SHA-256: 150250dfbea870ba4d4f211c67339ff1ee4f68ea346dfb013b4d780dd5052655 |
| openssh-keycat-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 0bff66bb97f3d1eba1b7937a650dcd4f88950f81f04829d64e97d76bc4ba48b4 |
| openssh-keycat-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 0bff66bb97f3d1eba1b7937a650dcd4f88950f81f04829d64e97d76bc4ba48b4 |
| openssh-ldap-8.0p1-26.el8_10.s390x.rpm | SHA-256: ca4dd4ba86af06ec6f36d5014092fb0a10a22e6501ec3f5e3b1d179d96e8ba09 |
| openssh-ldap-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 9a5ae039c8826d1f1fca7741782b1b72df0e8fb74d46b9bb2ee9ddaff6aba4c7 |
| openssh-ldap-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: 9a5ae039c8826d1f1fca7741782b1b72df0e8fb74d46b9bb2ee9ddaff6aba4c7 |
| openssh-server-8.0p1-26.el8_10.s390x.rpm | SHA-256: 94d08ca74d6d3f2acb77a690663efe99db47ddd6c5b590e215505a8cc3933aed |
| openssh-server-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: f596c0a0e6d4bc358712aef8b823aac44307852b19b75397d6eeaa0cda2bcec5 |
| openssh-server-debuginfo-8.0p1-26.el8_10.s390x.rpm | SHA-256: f596c0a0e6d4bc358712aef8b823aac44307852b19b75397d6eeaa0cda2bcec5 |
| pam_ssh_agent_auth-0.10.3-7.26.el8_10.s390x.rpm | SHA-256: 75ac62f97030813de1179b1c7eea8eea8bfc5f2390650b6cc2980ba5bc59a0ba |
| pam_ssh_agent_auth-debuginfo-0.10.3-7.26.el8_10.s390x.rpm | SHA-256: a21de11d28027a3d809470f8239d5ce90f9b4e1f4cf00605ab151e79d67d42de |
| pam_ssh_agent_auth-debuginfo-0.10.3-7.26.el8_10.s390x.rpm | SHA-256: a21de11d28027a3d809470f8239d5ce90f9b4e1f4cf00605ab151e79d67d42de |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| openssh-8.0p1-26.el8_10.src.rpm | SHA-256: 6e57f4362f3a24fee218e9a9eb15ee4e838da5b52ce331c76b2c7c7722f228d3 |
| ppc64le | |
| openssh-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: f1569cc43116ed43b49ed93f1724d695be285f58a4e9258efe78164c53f2ab48 |
| openssh-askpass-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 02b613164a1083490bd0dae573563f9a654ef625388bdff520426a5d215a1a71 |
| openssh-askpass-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 1ec4dac4ea4ce07d8bab07e404bbcc2c69976686a68d4aefa282f5258975c27b |
| openssh-askpass-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 1ec4dac4ea4ce07d8bab07e404bbcc2c69976686a68d4aefa282f5258975c27b |
| openssh-cavs-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: bba2b87f5533de8834b4c3538627f2845b9c6affb1f76539de756c6c2dfddefd |
| openssh-cavs-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 649bf6cd05cb57fcd59655ad921359a2aa5d86825ad8f920091944a2dce84fcd |
| openssh-cavs-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 649bf6cd05cb57fcd59655ad921359a2aa5d86825ad8f920091944a2dce84fcd |
| openssh-clients-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: b029695f5b66b2c01464fcc20455173de899b707104bd51930e0eb8e7ff6f0cd |
| openssh-clients-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: c1f20074f6c50a6b58e95e77514e2d2a3725294d101f134adee41d605a7c5b0a |
| openssh-clients-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: c1f20074f6c50a6b58e95e77514e2d2a3725294d101f134adee41d605a7c5b0a |
| openssh-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 1451f37ce1d16a6e679f04a76c3e52100461c90e248141a1d3eb27c50899c8fb |
| openssh-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 1451f37ce1d16a6e679f04a76c3e52100461c90e248141a1d3eb27c50899c8fb |
| openssh-debugsource-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 0c5bdedea43a173283e8c01510ba332c2735c5862389344f4d1169edc2520e2b |
| openssh-debugsource-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 0c5bdedea43a173283e8c01510ba332c2735c5862389344f4d1169edc2520e2b |
| openssh-keycat-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 909778a7c1921de81b8ab1a228c1f65c0ae9021cc500f237c21a49b1a1aa9723 |
| openssh-keycat-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: e8902ea18dee4ab0c91e7d2d14a7ba6c66ae3c7b31b4e399eb20fb7215010e5a |
| openssh-keycat-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: e8902ea18dee4ab0c91e7d2d14a7ba6c66ae3c7b31b4e399eb20fb7215010e5a |
| openssh-ldap-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: c7eb66cd8daf3b9734963eea1b332f3e7cac05f2e03d04ac36da68974348c414 |
| openssh-ldap-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 7e688ac5f93bcfa68be0d154fda3ac9e8a5d73b0ea10369096a915a133bd5dfa |
| openssh-ldap-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 7e688ac5f93bcfa68be0d154fda3ac9e8a5d73b0ea10369096a915a133bd5dfa |
| openssh-server-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 6fd8c0b6d5c5d49474d1e2ca1e8eb0246e086195016477bb58d2b0bf3e82d8a3 |
| openssh-server-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 29644d17b87fac19fd455c2fbacf8a97cd5a22b2dd0c880651bb8517faacbdd5 |
| openssh-server-debuginfo-8.0p1-26.el8_10.ppc64le.rpm | SHA-256: 29644d17b87fac19fd455c2fbacf8a97cd5a22b2dd0c880651bb8517faacbdd5 |
| pam_ssh_agent_auth-0.10.3-7.26.el8_10.ppc64le.rpm | SHA-256: b71b92fdd552777ef0486fb8fa50f60e4cda9b87de7e34b9dac7cbe37e6db14a |
| pam_ssh_agent_auth-debuginfo-0.10.3-7.26.el8_10.ppc64le.rpm | SHA-256: 00ec746aa4d8c0ec33b954e449084ef6cb5829dc0b83eac11262a3c776fabdc9 |
| pam_ssh_agent_auth-debuginfo-0.10.3-7.26.el8_10.ppc64le.rpm | SHA-256: 00ec746aa4d8c0ec33b954e449084ef6cb5829dc0b83eac11262a3c776fabdc9 |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| openssh-8.0p1-26.el8_10.src.rpm | SHA-256: 6e57f4362f3a24fee218e9a9eb15ee4e838da5b52ce331c76b2c7c7722f228d3 |
| aarch64 | |
| openssh-8.0p1-26.el8_10.aarch64.rpm | SHA-256: 62218045aa14e11e9a20658bf1544532e5376409e6e59a0e80456bac66e7e51e |
| openssh-askpass-8.0p1-26.el8_10.aarch64.rpm | SHA-256: bba0c22ac960f2f7334ba74e24d3440ed7cb7ddc2df0566d2b75228f72884b19 |
| openssh-askpass-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: ef6632d6c8e2678e9455cf09fe4227238c414d9d189c72e0f0e501aca036caa6 |
| openssh-askpass-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: ef6632d6c8e2678e9455cf09fe4227238c414d9d189c72e0f0e501aca036caa6 |
| openssh-cavs-8.0p1-26.el8_10.aarch64.rpm | SHA-256: 67f3902e82ba1e85b83dbd089fd9da5a5d84dcbfa735cb71dff0c86530f6bf75 |
| openssh-cavs-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: f0e0d32c2379f796470dcbdea62cf4130800e06dea354f5c80d4a2230a91b559 |
| openssh-cavs-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: f0e0d32c2379f796470dcbdea62cf4130800e06dea354f5c80d4a2230a91b559 |
| openssh-clients-8.0p1-26.el8_10.aarch64.rpm | SHA-256: c58de07e793ac839d3dced06b08192834af7c64623736db2abbf1f62e287f25c |
| openssh-clients-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: aa15b25f7694c9f763b5bb32f55b4f129bd53e431971fb063adc96cd7e17b0a6 |
| openssh-clients-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: aa15b25f7694c9f763b5bb32f55b4f129bd53e431971fb063adc96cd7e17b0a6 |
| openssh-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: 7eeeb519cf92b5e42fbae415253829fad39f9440dcbc9a7f32638ffd34e80178 |
| openssh-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: 7eeeb519cf92b5e42fbae415253829fad39f9440dcbc9a7f32638ffd34e80178 |
| openssh-debugsource-8.0p1-26.el8_10.aarch64.rpm | SHA-256: c0e903e3934efebf08332cbea360abe3f593883ec896ee3f0882a5add8a62bc1 |
| openssh-debugsource-8.0p1-26.el8_10.aarch64.rpm | SHA-256: c0e903e3934efebf08332cbea360abe3f593883ec896ee3f0882a5add8a62bc1 |
| openssh-keycat-8.0p1-26.el8_10.aarch64.rpm | SHA-256: 4fcedbbca873a1feb563df1ea8756308f48e0036daba5e7b8e2bde06320a1cb9 |
| openssh-keycat-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: a172c75e9f318a81a6c4d94f5dd9f5586a9586746ad9e54596c1ccd795b472d2 |
| openssh-keycat-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: a172c75e9f318a81a6c4d94f5dd9f5586a9586746ad9e54596c1ccd795b472d2 |
| openssh-ldap-8.0p1-26.el8_10.aarch64.rpm | SHA-256: 6c9d51261a347589034820de9ad50ac4ef62a9bdb5f5e8863e5afd937cdcccbc |
| openssh-ldap-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: 68ecf3d1fef4345e47926c3cd33911dcc00a39260f4175553f4e78f3db91b323 |
| openssh-ldap-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: 68ecf3d1fef4345e47926c3cd33911dcc00a39260f4175553f4e78f3db91b323 |
| openssh-server-8.0p1-26.el8_10.aarch64.rpm | SHA-256: ecf7cddda9a180549f0c4c091a0f6d8787355e6d94f9e7c29ed179d0fe3adc0c |
| openssh-server-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: a134a3bc90e63aa1be7c24d55c17c78a9f2bc675fca9a4819992ec92d00f45e3 |
| openssh-server-debuginfo-8.0p1-26.el8_10.aarch64.rpm | SHA-256: a134a3bc90e63aa1be7c24d55c17c78a9f2bc675fca9a4819992ec92d00f45e3 |
| pam_ssh_agent_auth-0.10.3-7.26.el8_10.aarch64.rpm | SHA-256: 2c9731de3321e556287ca66933d5fd1cddc008b96a0b0433630dd76efb5e385e |
| pam_ssh_agent_auth-debuginfo-0.10.3-7.26.el8_10.aarch64.rpm | SHA-256: 1c5bf896391dd91fdf25e3a392b2ad2311d3dc2fcfe04882db8b7305bf84c05d |
| pam_ssh_agent_auth-debuginfo-0.10.3-7.26.el8_10.aarch64.rpm | SHA-256: 1c5bf896391dd91fdf25e3a392b2ad2311d3dc2fcfe04882db8b7305bf84c05d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
