Home / mailings [SECURITY] [DSA 6204-1] openssh security update
Posted on 09 April 2026
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-6204-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 09, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssh
CVE ID : CVE-2026-3497
Debian Bug : 1130595
Jeremy Brown discovered a flaw in the GSSAPI Key Exchange patch applied
in Debian to OpenSSH, an implementation of the SSH protocol suite,
affecting non-default configurations with the GSSAPIKeyExchange setting
enabled. A remote attacker can take advantage of this flaw to cause a
denial of service, or potentially the execution of arbitrary code.
For the oldstable distribution (bookworm), this problem has been fixed
in version 1:9.2p1-2+deb12u9. This update includes fixes for
CVE-2025-61984 and CVE-2025-61985 which were queued for the Debian
bookworm 12.14 point release.
For the stable distribution (trixie), this problem has been fixed in
version 1:10.0p1-7+deb13u2.
We recommend that you upgrade your openssh packages.
For the detailed security status of openssh please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssh
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
