release date: 2025-02-19Changelog OpenSSH 9.9p2 with security patches * Fix CVE-2025-26465 - ssh(1)(link is external) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8)(link is external) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. component namecomponent versioncomponent licensecomponent source OpenSSH9.9p2OpenSSH license OpenSSL3.0.15OpenSSL license Cygwin3.5.7Cygwin license (GPL/LGPL)Source code for Cygwin Autossh1.4fAutossh license (Simplified BSD) Copssh client8.1.0Itefix free software license (Simplified BSD) 2025