OpenSSH Vulnerabilities Lead to Denial of Service Risks in Ubuntu

OpenSSH Vulnerabilities Lead to Denial of Service Risks in Ubuntu

First seen 12 Mar 2026, 22:58 UTC UbuntuLinuxsecurityCybersecuritynews 88% similarity 70.5

Article Content

Browse articles
ThreatCluster

Multiple vulnerabilities in OpenSSH have been identified, affecting various Ubuntu versions, including 20.04 LTS. The vulnerabilities include a critical issue discovered by Jeremy Brown regarding the GSSAPI Key Exchange, which can lead to denial of service or arbitrary code execution (CVE-2026-3497). Additionally, David Leadbeater found vulnerabilities related to control characters in usernames (CVE-2025-61984) and NULL characters in ssh:// URIs (CVE-2025-61985), both of which can also allow for arbitrary code execution. The vulnerabilities were patched in updates released on March 12, 2026. Users are advised to update their systems to mitigate these risks. The issues primarily affect users with non-default configurations enabled. The vulnerabilities were disclosed in advisories from Ubuntu and Linuxsecurity.

Key Points: • Critical vulnerabilities in OpenSSH could lead to denial of service and arbitrary code execution. • Affected Ubuntu versions include 20.04 LTS and others; updates were released on March 12, 2026. • Users should apply patches immediately to mitigate risks associated with these vulnerabilities.

ThreatCluster AI

Timeline

2025-10-06
CVE-2025-61984 and CVE-2025-61985 published
2025-10-07
First public PoC for CVE-2025-61984 released
2026-03-12
OpenSSH vulnerabilities patched in Ubuntu updates
2026-03-12
CVE-2026-3497 published

Community

Browse all →