Alpine: multiple openssh packages: security update to 9.9_p2-r0

medium Tenable Cloud Security Plugin ID 424273

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle
attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how
OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be
considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning
the attack complexity high. (CVE-2025-26465)

- A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is
allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client
key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled
increase in memory consumption on the server side. Consequently, the server may become unavailable,
resulting in a denial of service attack. (CVE-2025-26466)

See Also

https://security.alpinelinux.org/vuln/CVE-2025-26465

https://security.alpinelinux.org/vuln/CVE-2025-26466

Plugin Details

Severity: Medium

ID: 424273

Version: Revision 1.10

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.7

Percentile: 96.49

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-26465

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/12/2023

Reference Information

CVE: CVE-2025-26465, CVE-2025-26466

IAVA: 2025-A-0126-S