FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-04-16 07:28:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a8f1ee74-f267-11ef-87ba-002590c1f29c	FreeBSD -- Multiple vulnerabilities in OpenSSH Problem Description: OpenSSH client host verification error (CVE-2025-26465) ssh(1) contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled. OpenSSH server denial of service (CVE-2025-26466) The OpenSSH client and server are both vulnerable to a memory/CPU denial of service while handling SSH2_MSG_PING packets. Impact: OpenSSH client host verification error (CVE-2025-26465) Under specific circumstances, a machine-in-the-middle may impersonate any server when the client has the VerifyHostKeyDNS option enabled. OpenSSH server denial of service (CVE-2025-26466) During the processing of SSH2_MSG_PING packets, a server may be subject to a memory/CPU denial of service. Discovery 2025-02-21 Entry 2025-02-24 Modified 2025-03-08 FreeBSD >= 14.2 lt 14.2_2 >= 14.1 lt 14.1_8 >= 13.4 lt 13.4_4 openssh-portable < 9.9.p2_1,1 openssh-portable-hpn < 9.9.p2_1,1 openssh-portable-gssapi < 9.9.p2_1,1 CVE-2025-26465 CVE-2025-26466 SA-25:05.openssh https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26466

VuXML ID

Description

a8f1ee74-f267-11ef-87ba-002590c1f29c

FreeBSD -- Multiple vulnerabilities in OpenSSH

Problem Description:

OpenSSH client host verification error (CVE-2025-26465)

ssh(1) contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled.

OpenSSH server denial of service (CVE-2025-26466)

The OpenSSH client and server are both vulnerable to a memory/CPU denial of service while handling SSH2_MSG_PING packets.

Impact:

OpenSSH client host verification error (CVE-2025-26465)

Under specific circumstances, a machine-in-the-middle may impersonate any server when the client has the VerifyHostKeyDNS option enabled.

OpenSSH server denial of service (CVE-2025-26466)

During the processing of SSH2_MSG_PING packets, a server may be subject to a memory/CPU denial of service.

Discovery 2025-02-21
Entry 2025-02-24
Modified 2025-03-08
FreeBSD

>= 14.2 lt 14.2_2

>= 14.1 lt 14.1_8

>= 13.4 lt 13.4_4

openssh-portable

< 9.9.p2_1,1

openssh-portable-hpn

< 9.9.p2_1,1

openssh-portable-gssapi

< 9.9.p2_1,1

CVE-2025-26465
CVE-2025-26466
SA-25:05.openssh
https://nvd.nist.gov/vuln/detail/CVE-2025-26465
https://nvd.nist.gov/vuln/detail/CVE-2025-26466