Security Advisory Details

NS-SA-2025-0089

2025-05-28 09:42:36

Summary

moderate: openssh/unbound security update

Severity

moderate

Topic

An update for openssh/unbound is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

openssh:
unbound:


Security Fix(es):
openssh: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker first needs to exhaust the client's memory resources, which makes the attack complexity high. (CVE-2025-26465)
openssh: bugfix
unbound: A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed. (CVE-2024-8508)
unbound: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.02B7.

Affected Components

  • openssh
  • unbound

Affected Products

  • CGSL MAIN 7.02

Updated Packages

CGSL MAIN 7.02
  • openssh-9.3p2-1.zncgsl7.34.src.rpm
    • openssh-9.3p2-1.zncgsl7.34.x86_64.rpm
    • openssh-askpass-9.3p2-1.zncgsl7.34.x86_64.rpm
    • openssh-clients-9.3p2-1.zncgsl7.34.x86_64.rpm
    • openssh-clients-core-9.3p2-1.zncgsl7.34.x86_64.rpm
    • openssh-core-9.3p2-1.zncgsl7.34.x86_64.rpm
    • openssh-server-9.3p2-1.zncgsl7.34.x86_64.rpm
    • openssh-server-core-9.3p2-1.zncgsl7.34.x86_64.rpm
  • unbound-1.17.1-2.zncgsl7.5.src.rpm
    • python3-unbound-1.17.1-2.zncgsl7.5.x86_64.rpm
    • unbound-anchor-1.17.1-2.zncgsl7.5.x86_64.rpm
    • unbound-libs-1.17.1-2.zncgsl7.5.x86_64.rpm

CVE

References

© 2004-2023 广东中兴新支点技术有限公司 (www.gd-linux.com). All rights reserved. 粤ICP备15061780号-2
