Alpine: openssh: security update to 9.3_p2-r3

medium Tenable Self-Hosted Container Security Plugin ID 420911

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle
attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how
OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be
considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning
the attack complexity high. (CVE-2025-26465)

See Also

https://security.alpinelinux.org/vuln/CVE-2025-26465

Plugin Details

Severity: Medium

ID: 420911

Version: Revision 1.17

Type: Local

Published: 2/19/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.59

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-26465

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/11/2025

Reference Information

CVE: CVE-2025-26465

IAVA: 2025-A-0126