Red Hat Security Advisory 2023-4419-01
Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openssh security update
Advisory ID: RHSA-2023:4419-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4419
Issue date: 2023-08-01
CVE Names: CVE-2023-38408
=====================================================================
- Summary:
An update for openssh is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSH is an SSH protocol implementation supported by a number of Linux,
UNIX, and similar operating systems. It includes the core files necessary
for both the OpenSSH client and server.
Security Fix(es):
- openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the OpenSSH server daemon (sshd) will be
restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64:
openssh-askpass-8.0p1-19.el8_8.aarch64.rpm
openssh-askpass-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-cavs-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-clients-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-debugsource-8.0p1-19.el8_8.aarch64.rpm
openssh-keycat-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-ldap-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-server-debuginfo-8.0p1-19.el8_8.aarch64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.19.el8_8.aarch64.rpm
ppc64le:
openssh-askpass-8.0p1-19.el8_8.ppc64le.rpm
openssh-askpass-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-cavs-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-clients-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-debugsource-8.0p1-19.el8_8.ppc64le.rpm
openssh-keycat-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-ldap-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-server-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.19.el8_8.ppc64le.rpm
s390x:
openssh-askpass-8.0p1-19.el8_8.s390x.rpm
openssh-askpass-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-cavs-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-clients-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-debugsource-8.0p1-19.el8_8.s390x.rpm
openssh-keycat-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-ldap-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-server-debuginfo-8.0p1-19.el8_8.s390x.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.19.el8_8.s390x.rpm
x86_64:
openssh-askpass-8.0p1-19.el8_8.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-clients-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-debugsource-8.0p1-19.el8_8.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-server-debuginfo-8.0p1-19.el8_8.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.19.el8_8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
openssh-8.0p1-19.el8_8.src.rpm
aarch64:
openssh-8.0p1-19.el8_8.aarch64.rpm
openssh-askpass-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-cavs-8.0p1-19.el8_8.aarch64.rpm
openssh-cavs-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-clients-8.0p1-19.el8_8.aarch64.rpm
openssh-clients-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-debugsource-8.0p1-19.el8_8.aarch64.rpm
openssh-keycat-8.0p1-19.el8_8.aarch64.rpm
openssh-keycat-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-ldap-8.0p1-19.el8_8.aarch64.rpm
openssh-ldap-debuginfo-8.0p1-19.el8_8.aarch64.rpm
openssh-server-8.0p1-19.el8_8.aarch64.rpm
openssh-server-debuginfo-8.0p1-19.el8_8.aarch64.rpm
pam_ssh_agent_auth-0.10.3-7.19.el8_8.aarch64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.19.el8_8.aarch64.rpm
ppc64le:
openssh-8.0p1-19.el8_8.ppc64le.rpm
openssh-askpass-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-cavs-8.0p1-19.el8_8.ppc64le.rpm
openssh-cavs-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-clients-8.0p1-19.el8_8.ppc64le.rpm
openssh-clients-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-debugsource-8.0p1-19.el8_8.ppc64le.rpm
openssh-keycat-8.0p1-19.el8_8.ppc64le.rpm
openssh-keycat-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-ldap-8.0p1-19.el8_8.ppc64le.rpm
openssh-ldap-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
openssh-server-8.0p1-19.el8_8.ppc64le.rpm
openssh-server-debuginfo-8.0p1-19.el8_8.ppc64le.rpm
pam_ssh_agent_auth-0.10.3-7.19.el8_8.ppc64le.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.19.el8_8.ppc64le.rpm
s390x:
openssh-8.0p1-19.el8_8.s390x.rpm
openssh-askpass-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-cavs-8.0p1-19.el8_8.s390x.rpm
openssh-cavs-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-clients-8.0p1-19.el8_8.s390x.rpm
openssh-clients-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-debugsource-8.0p1-19.el8_8.s390x.rpm
openssh-keycat-8.0p1-19.el8_8.s390x.rpm
openssh-keycat-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-ldap-8.0p1-19.el8_8.s390x.rpm
openssh-ldap-debuginfo-8.0p1-19.el8_8.s390x.rpm
openssh-server-8.0p1-19.el8_8.s390x.rpm
openssh-server-debuginfo-8.0p1-19.el8_8.s390x.rpm
pam_ssh_agent_auth-0.10.3-7.19.el8_8.s390x.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.19.el8_8.s390x.rpm
x86_64:
openssh-8.0p1-19.el8_8.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-cavs-8.0p1-19.el8_8.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-clients-8.0p1-19.el8_8.x86_64.rpm
openssh-clients-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-debugsource-8.0p1-19.el8_8.x86_64.rpm
openssh-keycat-8.0p1-19.el8_8.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-ldap-8.0p1-19.el8_8.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-19.el8_8.x86_64.rpm
openssh-server-8.0p1-19.el8_8.x86_64.rpm
openssh-server-debuginfo-8.0p1-19.el8_8.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.19.el8_8.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.19.el8_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
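A post-update check written as an added example (not Red Hat's or the openssh project's code): it ports rpm's version comparison so that `rpm -qa` output can be checked offline against the fixed builds listed above (8.0p1-19.el8_8 for the openssh packages, 0.10.3-7.19.el8_8 for pam_ssh_agent_auth) and reports any package still below them. The sample input is constructed; the function names are this example's own.

```python
import re

# Fixed version-release per package family from the advisory's package list
# (RHSA-2023:4419); an older installed build still carries CVE-2023-38408.
FIXED = {"openssh": "8.0p1-19.el8_8", "pam_ssh_agent_auth": "0.10.3-7.19.el8_8"}
_SEP, _NUM, _ALPHA = (re.compile(p) for p in (r"[^A-Za-z0-9~]*", r"[0-9]+", r"[A-Za-z]+"))

def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): alternating numeric/alpha segments, numbers compared
    numerically, letters lexically, numeric beats alpha, '~' (pre-release) sorts lowest.
    rpm's rarer '^' marker is treated as a plain separator here."""
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SEP.match(a, i).end(), _SEP.match(b, j).end()  # skip '.', '_', '-' ...
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta != tb:
            return -1 if ta else 1          # the side carrying '~' is the older one
        if ta:
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        pat = _NUM if "0" <= a[i] <= "9" else _ALPHA
        sa, mb = pat.match(a, i).group(0), pat.match(b, j)
        sb = mb.group(0) if mb else ""
        i, j = i + len(sa), j + len(sb)
        if not sb:                          # segment types differ: numeric wins
            return 1 if pat is _NUM else -1
        if pat is _NUM:                     # rpm drops leading zeros, longer wins
            sa, sb = int(sa), int(sb)
        if sa != sb:
            return 1 if sa > sb else -1
    return (i < len(a)) - (j < len(b))      # whichever has characters left is newer

def evrcmp(a: str, b: str) -> int:
    """Compare '[epoch:]version-release' strings: epoch, then version, then release."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")    # no ':' -> epoch '' -> 0
        ver, _, rel = rest.partition("-")
        return int(epoch or 0), ver, rel
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def find_unpatched(rpm_qa_lines):
    """From `rpm -qa` lines (name-version-release.arch) return (name, installed,
    fixed) for each advisory package below the fixed build; other lines are skipped."""
    hits = []
    for line in rpm_qa_lines:
        parts = line.strip().rpartition(".")[0].rsplit("-", 2)   # drop .arch, split NVR
        if len(parts) != 3:                  # e.g. gpg-pubkey-* has no arch suffix
            continue
        name, ver, rel = parts
        fixed = next((v for k, v in FIXED.items() if name == k or name.startswith(k + "-")), None)
        if fixed and evrcmp(f"{ver}-{rel}", fixed) < 0:
            hits.append((name, f"{ver}-{rel}", fixed))
    return hits

# Constructed sample, not real host output: openssh one build behind the fix,
# pam_ssh_agent_auth already at the advisory's build, one non-package line.
SAMPLE_RPM_QA = """openssh-8.0p1-17.el8_7.x86_64
openssh-clients-8.0p1-17.el8_7.x86_64
openssh-server-8.0p1-17.el8_7.x86_64
pam_ssh_agent_auth-0.10.3-7.19.el8_8.x86_64
gpg-pubkey-00000000-00000000""".splitlines()
```

On a live RHEL 8 host, pass `subprocess.check_output(["rpm", "-qa"], text=True).splitlines()` instead of the sample; because the fix is a backport that keeps the 8.0p1 base version, only the release field distinguishes patched from unpatched builds.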
- References:
https://access.redhat.com/security/cve/CVE-2023-38408
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
RHSA-announce mailing list
rhsa-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce