* OpenSSH client host verification error (CVE-2025-26465)
ssh(1) contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled.
* OpenSSH server denial of service (CVE-2025-26466)
The OpenSSH client and server are both vulnerable to a memory/CPU denial of service while handling SSH2_MSG_PING packets.
