{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.\r\nUbuntu Linux ist die Linux Distribution des Herstellers Canonical.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSH GSSAPI und Ubuntu Linux ausnutzen, um ein undefiniertes Fehlverhalten oder einen potenziellen Denial-of-Service-Angriff auszulösen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-0716 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0716.json" }, { "category" : "self", "summary" : "WID-SEC-2026-0716 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0716" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-WCPP-3X59-H8VP vom 2026-03-12", "url" : "https://github.com/advisories/GHSA-WCPP-3X59-H8VP" }, { "category" : "external", "summary" : "Mailing List OSS-Security vom 2026-03-12", "url" : "https://seclists.org/oss-sec/2026/q1/299" }, { "category" : "external", "summary" : "Ubuntu Security Notice USN-8090-1 vom 2026-03-12", "url" : "https://ubuntu.com/security/notices/USN-8090-1" }, { "category" : "external", "summary" : "Ubuntu Security Notice USN-8090-2 vom 2026-03-12", "url" : "https://ubuntu.com/security/notices/USN-8090-2" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-BAB4AA5DA7 vom 2026-03-18", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-bab4aa5da7" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-39819A3D62 vom 2026-03-18", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-39819a3d62" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-62FB46CAAC vom 2026-03-18", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-62fb46caac" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-6462 vom 2026-04-03", "url" : "https://linux.oracle.com/errata/ELSA-2026-6462.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-6461 vom 2026-04-03", "url" : "https://linux.oracle.com/errata/ELSA-2026-6461.html" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-6463 vom 2026-04-02", "url" : "https://linux.oracle.com/errata/ELSA-2026-6463.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:6463 vom 2026-04-02", "url" : "https://access.redhat.com/errata/RHSA-2026:6463" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:6462 vom 2026-04-02", "url" : "https://access.redhat.com/errata/RHSA-2026:6462" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:6461 vom 2026-04-02", "url" : "https://access.redhat.com/errata/RHSA-2026:6461" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2026:6461 vom 2026-04-09", "url" : "https://errata.build.resf.org/RLSA-2026:6461" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:7107 vom 2026-04-08", "url" : "https://access.redhat.com/errata/RHSA-2026:7107" }, { "category" : "external", "summary" : "Debian Security Advisory DSA-6204 vom 2026-04-09", "url" : "https://lists.debian.org/debian-security-announce/2026/msg00114.html" } ], "source_lang" : "en-US", "title" : "OpenSSH GSSAPI delta: Schwachstelle ermöglicht nicht spezifizierten Angriff", "tracking" : { "current_release_date" : "2026-04-09T22:00:00.000+00:00", "generator" : { "date" : "2026-04-10T07:16:55.297+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-0716", "initial_release_date" : "2026-03-12T23:00:00.000+00:00", "revision_history" : [ { "date" : "2026-03-12T23:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-03-17T23:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Fedora aufgenommen" }, { "date" : "2026-04-06T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von Oracle Linux und Red Hat aufgenommen" }, { "date" : "2026-04-08T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen" }, { "date" : "2026-04-09T22:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von Debian aufgenommen" } ], "status" : "final", "version" : "5" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Debian Linux", "product" : { "name" : "Debian Linux", "product_id" : "2951", "product_identification_helper" : { "cpe" : "cpe:/o:debian:debian_linux:-" } } } ], "category" : "vendor", "name" : "Debian" }, { "branches" : [ { "category" : "product_name", "name" : "Fedora Linux", "product" : { "name" : "Fedora Linux", "product_id" : "74185", "product_identification_helper" : { "cpe" : "cpe:/o:fedoraproject:fedora:-" } } } ], "category" : "vendor", "name" : "Fedora" }, { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "GSSAPI delta Linux distributions", "product" : { "name" : "Open Source OpenSSH GSSAPI delta Linux distributions", "product_id" : "T051698", "product_identification_helper" : { "cpe" : "cpe:/a:openbsd:openssh:gssapi_delta_linux_distributions" } } } ], "category" : "product_name", "name" : "OpenSSH" } ], "category" : "vendor", "name" : "Open Source" }, { "branches" : [ { "category" : "product_name", "name" : "Oracle Linux", "product" : { "name" : "Oracle Linux", "product_id" : "T004914", "product_identification_helper" : { "cpe" : "cpe:/o:oracle:linux:-" } } } ], "category" : "vendor", "name" : "Oracle" }, { "branches" : [ { "category" : "product_name", "name" : "RESF Rocky Linux", "product" : { "name" : "RESF Rocky Linux", "product_id" : "T032255", "product_identification_helper" : { "cpe" : "cpe:/o:resf:rocky_linux:-" } } } ], "category" : "vendor", "name" : "RESF" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "Ubuntu Linux", "product" : { "name" : "Ubuntu Linux", "product_id" : "T051700", "product_identification_helper" : { "cpe" : "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category" : "vendor", "name" : "Ubuntu" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-3497", "product_status" : { "known_affected" : [ "2951", "67646", "T051700", "T051698", "T004914", "T032255", "74185" ] }, "release_date" : "2026-03-12T23:00:00.000+00:00", "title" : "CVE-2026-3497" } ] }