RLSA-2024:0606

Published: 12 Feb. 2024
Source: rocky
Rating: Moderate

Description

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

  • openssh: potential command injection via shell metacharacters (CVE-2023-51385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| openssh | aarch64 | 19.el8_9.2 | openssh-8.0p1-19.el8_9.2.aarch64.rpm |
| openssh-cavs | aarch64 | 19.el8_9.2 | openssh-cavs-8.0p1-19.el8_9.2.aarch64.rpm |
| openssh-clients | aarch64 | 19.el8_9.2 | openssh-clients-8.0p1-19.el8_9.2.aarch64.rpm |
| openssh-keycat | aarch64 | 19.el8_9.2 | openssh-keycat-8.0p1-19.el8_9.2.aarch64.rpm |
| openssh-ldap | aarch64 | 19.el8_9.2 | openssh-ldap-8.0p1-19.el8_9.2.aarch64.rpm |
| openssh-server | aarch64 | 19.el8_9.2 | openssh-server-8.0p1-19.el8_9.2.aarch64.rpm |
| pam_ssh_agent_auth | aarch64 | 7.19.el8_9.2 | pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.aarch64.rpm |

Related CVEs

Related vulnerabilities

oracle-oval
more than 1 year ago

ELSA-2024-12164: openssh security update (MODERATE)

oracle-oval
more than 1 year ago

ELSA-2024-1130: openssh security update (MODERATE)

oracle-oval
more than 1 year ago

ELSA-2024-0606: openssh security update (MODERATE)

CVSS3: 7.4
redos
more than 1 year ago

Multiple vulnerabilities in openssh

CVSS3: 6.5
ubuntu
more than 1 year ago

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.