exploitDog

ELSA-2023-4419

Published: 02 Aug 2023
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2023-4419: openssh security update (IMPORTANT)

[8.0p1-19]

  • Release bump

[8.0p1-18]

  • Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • openssh: 8.0p1-19.el8_8
  • openssh-askpass: 8.0p1-19.el8_8
  • openssh-cavs: 8.0p1-19.el8_8
  • openssh-clients: 8.0p1-19.el8_8
  • openssh-keycat: 8.0p1-19.el8_8
  • openssh-ldap: 8.0p1-19.el8_8
  • openssh-server: 8.0p1-19.el8_8
  • pam_ssh_agent_auth: 0.10.3-7.19.el8_8

Oracle Linux x86_64

  • openssh: 8.0p1-19.el8_8
  • openssh-askpass: 8.0p1-19.el8_8
  • openssh-cavs: 8.0p1-19.el8_8
  • openssh-clients: 8.0p1-19.el8_8
  • openssh-keycat: 8.0p1-19.el8_8
  • openssh-ldap: 8.0p1-19.el8_8
  • openssh-server: 8.0p1-19.el8_8
  • pam_ssh_agent_auth: 0.10.3-7.19.el8_8

Related CVEs

Related vulnerabilities

CVSS3: 9.8
ubuntu
almost 2 years ago

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

CVSS3: 9.8
redhat
almost 2 years ago

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

CVSS3: 9.8
nvd
almost 2 years ago

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

CVSS3: 9.8
debian
almost 2 years ago

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insuff ...

suse-cvrf
almost 2 years ago

Security update for openssh