Fedora OpenSSH Vulnerabilities Lead to Client-Side DoS Risks

Fedora OpenSSH Vulnerabilities Lead to Client-Side DoS Risks

First seen 11 Jul 2026, 23:28 UTC Linuxsecurity 90% similarity 57.9

Article Content

Browse articles
ThreatCluster

Recent updates to Fedora's OpenSSH have addressed critical vulnerabilities identified as CVE-2026-55653, CVE-2026-55654, and CVE-2026-55655. These vulnerabilities include a double free error in the DH-GEX client path, a heap out-of-bounds read during GSSAPI cleanup, and a potential MITM attack via X11 forwarding. The flaws can lead to client-side denial of service and compromise the security of X11 sessions. Affected systems include Fedora versions 43 and 44. The vulnerabilities were published on June 23, 2026, and patches were released on July 7, 2026. Users are advised to update their systems using the 'dnf' package manager to mitigate these risks. The issues were reported by developers Zoltan Fridrich and Dmitry Belyavskiy.

Key Points: • Three critical vulnerabilities in OpenSSH affect Fedora 43 and 44. • CVE-2026-55653 can lead to client-side denial of service. • Patches were released on July 7, 2026, and users are urged to update.

ThreatCluster AI

Timeline

2026-06-23
CVE-2026-55653 published
A double free vulnerability in OpenSSH's DH-GEX client path was disclosed, leading to potential DoS.
Linuxsecurity
2026-06-23
CVE-2026-55654 published
A heap out-of-bounds read vulnerability during GSSAPI cleanup was disclosed, affecting OpenSSH.
Linuxsecurity
2026-06-23
CVE-2026-55655 published
A vulnerability allowing MITM attacks via X11 forwarding was disclosed in OpenSSH.
Linuxsecurity
2026-07-07
Patches released for vulnerabilities
Fedora released patches for the identified OpenSSH vulnerabilities, urging users to update.
Linuxsecurity

Community

Browse all →