release date: 2025-02-19Changelog OpenSSH 9.9p2 with security patches * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. component namecomponent versioncomponent licensecomponent source OpenSSH9.9p2OpenSSH license OpenSSL3.0.15OpenSSL license Cygwin3.5.7Cygwin license (GPL/LGPL)Source code for Cygwin Copssh Server Admin GUI1.0.2Itefix EULA Copssh server8.8.0Itefix EULA 2025