-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4535-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 16, 2026 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : openssh Version : 1:8.4p1-5+deb11u6 CVE ID : CVE-2026-3497 Debian Bug : 1130595 Jeremy Brown discovered a flaw in the GSSAPI Key Exchange patch applied in Debian to OpenSSH, an implementation of the SSH protocol suite, affecting non-default configurations with the GSSAPIKeyExchange setting enabled. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code. For Debian 11 bullseye, this problem has been fixed in version 1:8.4p1-5+deb11u6. We recommend that you upgrade your openssh packages. For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmnhHGYACgkQnUbEiOQ2 gwJFchAAselD5avi2BsKHOUV6q8nyCjf+ld8PrKr0+T6Zu4HJGi1cDTTLpsIlMNP 7pLuKsaf/jvg4LU4xHQsGlgdaaoFxFn43yJ6+ug5SLdTJvHmBwmdM4tyfg3UPahf C+FHThTLp6gqyqCNb7ehgQ0FwCuf+Lu/nvnwNWtu+bgxKMM/eeE1JMvGFKbB12iS 3/FNd0NKqHLLFFyeEmosoQLRj3F1vt7ijVVwpLNigfSueAo8LoDi6+muzvSqBvog T97Axrl6dlHhdzOoiEtATgSgsYD+g/rtpaqUkNJwXKaORAIrZXJGVwRbw41Lp+aA 2dIgd3PvK/aARgenohN27w7d+juASl8OYYU9s2oUGTZA42yjtjWJNIvJdIgyeC6P vL+wFT12kb3SQt6C5TSYmWlQmmVcoGXllZ/skvBw1JwBqPpVgbyUZtGC0DmdjMxD BZF93pFT29b1h0V/60O8tl+zscsgbAJjv7o+F1VHXOMpbQS3HTSNDRp8dfaqxSoM MefclSAYjTgPiNLzpsyNc7YMdZtku7ieop6aTN9UKHeGazSgWa+Kk5q7HDBBsCZW VzdSzLy1HGVaD2JCzVyTcHAlfCe8B/bLTUk+zpjCw6S89Uc+aLuJWhXYL7O2qiA6 ZNMtx8squa2wgjeDIwdyPCXjTUFboq6dg2ATZ71UnH0WjZRBprM= =KaeV -----END PGP SIGNATURE-----
