Описание
Security update for openssh
This update for openssh fixes the following issues:
- CVE-2023-51385: Fixed command injection via user name or host name metacharacters (bsc#1218215).
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
openssh-8.1p1-150200.5.46.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
openssh-8.1p1-150200.5.46.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
openssh-8.1p1-150200.5.46.1
openssh-askpass-gnome-8.1p1-150200.5.46.1
openssh-fips-8.1p1-150200.5.46.1
openssh-helpers-8.1p1-150200.5.46.1
SUSE Linux Enterprise Server 15 SP2-LTSS
openssh-8.1p1-150200.5.46.1
openssh-askpass-gnome-8.1p1-150200.5.46.1
openssh-fips-8.1p1-150200.5.46.1
openssh-helpers-8.1p1-150200.5.46.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
openssh-8.1p1-150200.5.46.1
openssh-askpass-gnome-8.1p1-150200.5.46.1
openssh-fips-8.1p1-150200.5.46.1
openssh-helpers-8.1p1-150200.5.46.1
Ссылки
- Link for SUSE-SU-2024:0603-1
- E-Mail link for SUSE-SU-2024:0603-1
- SUSE Security Ratings
- SUSE Bug 1218215
- SUSE CVE CVE-2023-51385 page
Описание
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:openssh-8.1p1-150200.5.46.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:openssh-8.1p1-150200.5.46.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:openssh-8.1p1-150200.5.46.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:openssh-askpass-gnome-8.1p1-150200.5.46.1
Ссылки
- CVE-2023-51385
- SUSE Bug 1218215
- SUSE Bug 1218708