RHSA-2023:2645: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25136: A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.

Synopsis

Moderate: openssh security update

Type/Severity

Security Advisory: Moderate

Topic

An update for openssh is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • openssh: the functions order_hostkeyalgs() and list_hostkey_types() lead to a double-free vulnerability (CVE-2023-25136)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
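As an added example that is not part of the advisory, the Python below checks whether the openssh build reported by `rpm -q openssh` is at or past the fixed build openssh-8.7p1-29.el9_2 listed in this advisory, reimplementing rpm's segment-wise version ordering so that releases such as 28.el9 and 29.el9_2 compare correctly. The sample query outputs are constructed, and the parser assumes rpm's default epoch-less output format.

```python
import re
import subprocess

# Fixed openssh build from RHSA-2023:2645 for RHEL 9 (version, release).
FIXED_VERSION, FIXED_RELEASE = "8.7p1", "29.el9_2"
_SEG = re.compile(r"\d+|[A-Za-z]+|~")

def rpmvercmp(a: str, b: str) -> int:
    """rpm-style ordering: numeric segments compare numerically, alpha
    segments lexically, numeric beats alpha, '~' sorts before anything
    (1.0~rc1 < 1.0). Returns -1, 0 or 1 like rpm's rpmvercmp."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    if len(sa) == len(sb):
        return 0
    # Extra trailing segments make a string newer unless they start with '~'.
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    newer = -1 if rest[0] == "~" else 1
    return newer if a_longer else -newer

def parse_nvra(nvra: str):
    """Split 'name-version-release.arch' as `rpm -q` prints it
    (assumes no epoch in the output, which is rpm's default format)."""
    nvr, _, arch = nvra.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def is_fixed(nvra: str) -> bool:
    """True if the installed openssh build is at or past the fixed one."""
    name, version, release, _ = parse_nvra(nvra)
    if name != "openssh":
        raise ValueError(f"not an openssh package: {nvra}")
    c = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return c >= 0

def installed_openssh() -> list:
    """Query the local RPM database; [] if rpm is absent or openssh is not installed."""
    try:
        out = subprocess.run(["rpm", "-q", "openssh"], capture_output=True, text=True)
    except FileNotFoundError:
        return []
    return out.stdout.split() if out.returncode == 0 else []

# Constructed sample `rpm -q` outputs, used when there is no local RPM database.
SAMPLES = ["openssh-8.7p1-28.el9.x86_64", "openssh-8.7p1-29.el9_2.aarch64"]

if __name__ == "__main__":
    for pkg in installed_openssh() or SAMPLES:
        print(pkg, "fixed" if is_fixed(pkg) else "older than the fixed build, apply RHSA-2023:2645")
```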

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2167636 - CVE-2023-25136 openssh: the functions order_hostkeyalgs() and list_hostkey_types() leads to double-free vulnerability

Red Hat Enterprise Linux for x86_64 9

SRPM

openssh-8.7p1-29.el9_2.src.rpm  SHA-256: c5bdd1ae721697ac3a75811f0fcb0f982fb4dc8f50c1675574841ca43c5f1d9b

x86_64

openssh-8.7p1-29.el9_2.x86_64.rpm  SHA-256: 1afb7eff0aba90bd478c52df96cb4c716cb07ab8b17861c05378fe2ea01526eb
openssh-askpass-8.7p1-29.el9_2.x86_64.rpm  SHA-256: 1260f17eea59feaf58ef5f56f08a4fb52d0cac29eab0e40ceaa643bf2d381698
openssh-askpass-debuginfo-8.7p1-29.el9_2.x86_64.rpm  SHA-256: 89adad8e2f06f052a8625d0f12eed2b9635db41611a6e1f68d8109e82810239f
openssh-clients-8.7p1-29.el9_2.x86_64.rpm  SHA-256: cd5d58f6a508761f37dcbb43cfc990771a5560d91087fe4e44bcbdb925f69dd5
openssh-clients-debuginfo-8.7p1-29.el9_2.x86_64.rpm  SHA-256: f851e187cf670f578e13384cb13dc69fa12806645a426b093d5b56af26c06002
openssh-debuginfo-8.7p1-29.el9_2.x86_64.rpm  SHA-256: 078f8ee8c6e4faf093a09d2416d11deadb211c486d0d0f19f9fd194979bbfc04
openssh-debugsource-8.7p1-29.el9_2.x86_64.rpm  SHA-256: 65d273e11160743e8fd9c763d8e0b7385b32539b3f0874088ba705efe4e90907
openssh-keycat-8.7p1-29.el9_2.x86_64.rpm  SHA-256: 7c14c34f439dcbf432595901c20a1c0ec032e81fca476ee9c9f0b81fea2fc2a8
openssh-keycat-debuginfo-8.7p1-29.el9_2.x86_64.rpm  SHA-256: e59b9ebae3cb6132e4aebe8b107e09ce27e3fcc5787f064b294f055101ccfc41
openssh-server-8.7p1-29.el9_2.x86_64.rpm  SHA-256: c91848c5436fb5eb5cc9366d65a5658629f70db71a6ceb59a11e1a8d6dc50d1e
openssh-server-debuginfo-8.7p1-29.el9_2.x86_64.rpm  SHA-256: 9a6e1fe0ba82e5e49822663ed96e1203e4b17580fce1a44c1460df51199c06f6
openssh-sk-dummy-debuginfo-8.7p1-29.el9_2.x86_64.rpm  SHA-256: 09c91f0c239d70e7cb7fc946b7afb51d204cd9e8b8e88ac091149b84a315471b
pam_ssh_agent_auth-0.10.4-5.29.el9_2.x86_64.rpm  SHA-256: aae0ebd22c41f7c7a8739f800516674d6a0afeff2cd8674d1caa8df0f1fea6af
pam_ssh_agent_auth-debuginfo-0.10.4-5.29.el9_2.x86_64.rpm  SHA-256: dbba259ad61ed4fb72fd41d83ce44d3dee7dbb7c769d75dcd52ef5b100e5b3d9

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

openssh-8.7p1-29.el9_2.src.rpm  SHA-256: c5bdd1ae721697ac3a75811f0fcb0f982fb4dc8f50c1675574841ca43c5f1d9b

s390x

openssh-8.7p1-29.el9_2.s390x.rpm  SHA-256: faab6f014dc82a8f4e68ca5f2de375865804e19e02f98490530bba4022b75e9c
openssh-askpass-8.7p1-29.el9_2.s390x.rpm  SHA-256: 9fc150d98641acdc2f14b34e70c663468e0dbf9a496e863cfa110e2577497cb9
openssh-askpass-debuginfo-8.7p1-29.el9_2.s390x.rpm  SHA-256: 264a0c2cf0788717b8c400b688365682e4bf20f0696e8836b700218d41e01fe9
openssh-clients-8.7p1-29.el9_2.s390x.rpm  SHA-256: a4fe536f2ce0ab8a2bc25942b92a567298201196c47b358f605db41d72b48292
openssh-clients-debuginfo-8.7p1-29.el9_2.s390x.rpm  SHA-256: b2d9e924dfa9588659cfb7796c0125447adaa119ed9954e0866e218083bea071
openssh-debuginfo-8.7p1-29.el9_2.s390x.rpm  SHA-256: 6a1f602e086d1a20fa030ba88d14d23b0e2ba66803198004ba45fc1dce033da8
openssh-debugsource-8.7p1-29.el9_2.s390x.rpm  SHA-256: 6e95cc23389b9b4a4ff7a1d21a8a39dc542e41fcd42b39308f077eb629c1b745
openssh-keycat-8.7p1-29.el9_2.s390x.rpm  SHA-256: 7a70243e7c2925b06fe751e4d6f8b8f42ba9143fcb31fd6923d9f4443e94fbfb
openssh-keycat-debuginfo-8.7p1-29.el9_2.s390x.rpm  SHA-256: ca1ad941047e9ed97a2e3456adde4845505f1619a73fd819157201c10a2c294b
openssh-server-8.7p1-29.el9_2.s390x.rpm  SHA-256: d1a0b4e361a2d995b0a5966713f9135956fb2897cf05eb148ab1440e01d5155c
openssh-server-debuginfo-8.7p1-29.el9_2.s390x.rpm  SHA-256: 1686a3d1263597f0f545c6f73a3b287ad9f2bb05b21a8603907ecb7bb218db25
openssh-sk-dummy-debuginfo-8.7p1-29.el9_2.s390x.rpm  SHA-256: 388ede8152047128ee10cbe1732fa493ae225d81b93d517d76302d6f480a86ab
pam_ssh_agent_auth-0.10.4-5.29.el9_2.s390x.rpm  SHA-256: b91015f1e8b87ab7866ff232169bb49c8026d75abf457aab05053de2b09cfcca
pam_ssh_agent_auth-debuginfo-0.10.4-5.29.el9_2.s390x.rpm  SHA-256: df0278059af4ec81ba1ba7050afe159de39afd1681f3a6a5c424118ead87a90f

Red Hat Enterprise Linux for Power, little endian 9

SRPM

openssh-8.7p1-29.el9_2.src.rpm  SHA-256: c5bdd1ae721697ac3a75811f0fcb0f982fb4dc8f50c1675574841ca43c5f1d9b

ppc64le

openssh-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 085800e1c30e100ea48d7af16f42920d366ffb73413bd2fbf528114e7d1050a2
openssh-askpass-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 42ea833a8a1cb10a60236b075c72447aa89cb10f003509be697f2367c0ac8c94
openssh-askpass-debuginfo-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 6c7b4cdec986a64bcb24ca53aaa8afab939e825d28a9209acc9c18a96d299ee7
openssh-clients-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 297cb2ce722892547b4b1d74748d8b505ef8a65944c73085d3c82c23dd394961
openssh-clients-debuginfo-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 40dd3776c6f620c1416965088eda20319db36a64c8b2d433baaaf9b31dff62aa
openssh-debuginfo-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 5397fade5fe78e23f1874f564837db7a5c721df6dc858a66d3094629da454513
openssh-debugsource-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 78bdcc67c79ec3f30bb5b19ea8c800572bc9d60b57a94eb851b5bdd6b2113ae8
openssh-keycat-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 1609fe1ed505185e07c3cb5af28bf7eb3dc902ab4f2508fe7f1ed33b7ee35748
openssh-keycat-debuginfo-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 389bd16eb53ada8e8fbaa8dcc4705c350cf7104d1ed480f5abba66a086f949c9
openssh-server-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: 5d4403b4b2a5bbf2b7b65efdcf609d3744efa13944c85a41a1eedf31d1ddb63e
openssh-server-debuginfo-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: d196e86eaee8e8f1446148e9abe041c80548430b71fd41ab5b3d8e02cbd598b1
openssh-sk-dummy-debuginfo-8.7p1-29.el9_2.ppc64le.rpm  SHA-256: e668857c35aab2c11377a9077f0cb4bfde8e85a30e376591dfbd0c731ac655db
pam_ssh_agent_auth-0.10.4-5.29.el9_2.ppc64le.rpm  SHA-256: ad0cac44c9f2e1c7bb1edb87e7463972422e761cd84c94338c18aaeea71605bc
pam_ssh_agent_auth-debuginfo-0.10.4-5.29.el9_2.ppc64le.rpm  SHA-256: 7c4acb08c4ff299561a84de663fa6c290683f174915be36bda7888ef3bd686f4

Red Hat Enterprise Linux for ARM 64 9

SRPM

openssh-8.7p1-29.el9_2.src.rpm  SHA-256: c5bdd1ae721697ac3a75811f0fcb0f982fb4dc8f50c1675574841ca43c5f1d9b

aarch64

openssh-8.7p1-29.el9_2.aarch64.rpm  SHA-256: d5175386359717a3f56fc1be870259057e1efd02676b2056080944d52d5a2d5a
openssh-askpass-8.7p1-29.el9_2.aarch64.rpm  SHA-256: 3280ebbcdb37fb77b7c8f0486d1a5d2ebcdda007b9d1454d570d19f4d119e9f7
openssh-askpass-debuginfo-8.7p1-29.el9_2.aarch64.rpm  SHA-256: 7a21443ced394c65b77947a2c0c07307710fc274bf725e6270f9b3d837c1ff92
openssh-clients-8.7p1-29.el9_2.aarch64.rpm  SHA-256: 5f3365b6700497e3163c25e19421abea9165daca2a786244ed9f949be2d7753d
openssh-clients-debuginfo-8.7p1-29.el9_2.aarch64.rpm  SHA-256: 671bafc6548a19ad95d26fd5b604af364d8299cc34204d2f6b47dd255877a7ac
openssh-debuginfo-8.7p1-29.el9_2.aarch64.rpm  SHA-256: 454e277174772d0ff60d78dc20aada5d26f069c8812487bf7f53c6000866b596
openssh-debugsource-8.7p1-29.el9_2.aarch64.rpm  SHA-256: 0f477d36cb0607c833767e8bca7dc5a8fe314c154f4a0b4cd7878a6d6f0babc6
openssh-keycat-8.7p1-29.el9_2.aarch64.rpm  SHA-256: dc6a95f2741c00fbf4b439506666bf020e84f1bed508143e7b863b9bc2fb10c3
openssh-keycat-debuginfo-8.7p1-29.el9_2.aarch64.rpm  SHA-256: a9ef6441df5c978a36b61cbe5ca0d3e520c4435638388b0edcf1fc9afa4a9c52
openssh-server-8.7p1-29.el9_2.aarch64.rpm  SHA-256: 8c348310518b9dbc7ce3b7aa80e4bf12600b19bb509d1fc88886463cf613d430
openssh-server-debuginfo-8.7p1-29.el9_2.aarch64.rpm  SHA-256: b1025a9eacbaaf6e3154d72e11395e4763796471d85567064fe652a2211c65f9
openssh-sk-dummy-debuginfo-8.7p1-29.el9_2.aarch64.rpm  SHA-256: e30fd8309f390adf9ec1656559dacbc5ea43e56434e2d03cd3bcfdd634ffcc5e
pam_ssh_agent_auth-0.10.4-5.29.el9_2.aarch64.rpm  SHA-256: 8bb5631d2da6596748d97cea0b7ec4e393575684a46f3897c04c6fb5951248f8
pam_ssh_agent_auth-debuginfo-0.10.4-5.29.el9_2.aarch64.rpm  SHA-256: 738e5868ab40434a48a6b0f5c7b67c2de9e5939e1dbc209626e8d1ea163decf8

Related news


OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1. "This is not believed to be exploitable, and it occurs in the unprivileged pre-auth

CVE-2023-25136

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not be easy."