Oracle Linux Security Advisory ELSA-2025-23480 http://linux.oracle.com/errata/ELSA-2025-23480.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: openssh-8.7p1-47.0.1.el9_7.x86_64.rpm openssh-askpass-8.7p1-47.0.1.el9_7.x86_64.rpm openssh-clients-8.7p1-47.0.1.el9_7.x86_64.rpm openssh-keycat-8.7p1-47.0.1.el9_7.x86_64.rpm openssh-server-8.7p1-47.0.1.el9_7.x86_64.rpm pam_ssh_agent_auth-0.10.4-5.47.0.1.el9_7.x86_64.rpm aarch64: openssh-8.7p1-47.0.1.el9_7.aarch64.rpm openssh-askpass-8.7p1-47.0.1.el9_7.aarch64.rpm openssh-clients-8.7p1-47.0.1.el9_7.aarch64.rpm openssh-keycat-8.7p1-47.0.1.el9_7.aarch64.rpm openssh-server-8.7p1-47.0.1.el9_7.aarch64.rpm pam_ssh_agent_auth-0.10.4-5.47.0.1.el9_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/openssh-8.7p1-47.0.1.el9_7.src.rpm Related CVEs: CVE-2025-61984 CVE-2025-61985 Description of changes: [8.7p1-47.0.1] - Upstream references found with /usr/bin/ssh [Orabug: 37814929] - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand [Orabug: 37647064] - Update upstream references [Orabug: 36564626] [8.7p1-47] - CVE-2025-61984: Reject usernames with control characters Resolves: RHEL-128401 - CVE-2025-61985: Reject URL-strings with NULL characters Resolves: RHEL-128392 _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
