Description
ELSA-2024-0606: openssh security update (MODERATE)
[8.0p1-19.2]
- Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385
- Fix Terrapin attack Resolves: CVE-2023-48795
Updated packages
Oracle Linux 8
Oracle Linux aarch64
openssh-askpass     8.0p1-19.el8_9.2
openssh             8.0p1-19.el8_9.2
openssh-cavs        8.0p1-19.el8_9.2
openssh-clients     8.0p1-19.el8_9.2
openssh-keycat      8.0p1-19.el8_9.2
openssh-ldap        8.0p1-19.el8_9.2
openssh-server      8.0p1-19.el8_9.2
pam_ssh_agent_auth  0.10.3-7.19.el8_9.2
Oracle Linux x86_64
openssh-askpass     8.0p1-19.el8_9.2
openssh             8.0p1-19.el8_9.2
openssh-cavs        8.0p1-19.el8_9.2
openssh-clients     8.0p1-19.el8_9.2
openssh-keycat      8.0p1-19.el8_9.2
openssh-ldap        8.0p1-19.el8_9.2
openssh-server      8.0p1-19.el8_9.2
pam_ssh_agent_auth  0.10.3-7.19.el8_9.2
Related CVEs
Related vulnerabilities
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.