ELSA-2023-4428

Published: 11 Aug 2023
Source: oracle-oval
Platform: Oracle Linux 6

Description

ELSA-2023-4428: openssh security update (IMPORTANT)

[5.3p1-124.0.2]

  • Fix for CVE-2016-6210 incomplete fix [Orabug: 29375502][CVE-2016-6210]

[5.3p1-124.0.1]

  • Fix for CVE-2023-38408 [Orabug: 35672523]

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • openssh: 5.3p1-124.0.2.el6_10
  • openssh-askpass: 5.3p1-124.0.2.el6_10
  • openssh-clients: 5.3p1-124.0.2.el6_10
  • openssh-ldap: 5.3p1-124.0.2.el6_10
  • openssh-server: 5.3p1-124.0.2.el6_10
  • pam_ssh_agent_auth: 0.9.3-124.0.2.el6_10

Oracle Linux i686

  • openssh: 5.3p1-124.0.2.el6_10
  • openssh-askpass: 5.3p1-124.0.2.el6_10
  • openssh-clients: 5.3p1-124.0.2.el6_10
  • openssh-ldap: 5.3p1-124.0.2.el6_10
  • openssh-server: 5.3p1-124.0.2.el6_10
  • pam_ssh_agent_auth: 0.9.3-124.0.2.el6_10

Related CVEs

Related vulnerabilities

CVSS3: 5.9
ubuntu
more than 8 years ago

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

CVSS3: 5.3
redhat
almost 9 years ago

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

CVSS3: 5.9
nvd
more than 8 years ago

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

CVSS3: 5.9
debian
more than 8 years ago

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user pa ...

CVSS3: 9.8
ubuntu
almost 2 years ago

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.