RHSA-2023:4382: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.
Red Hat Security Data

Synopsis

Important: openssh security update

Type/Severity

Security Advisory: Important

Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
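As an added example (not part of Red Hat's advisory), the check below decides whether an installed openssh or pam_ssh_agent_auth package on RHEL 7 predates the fixed builds this advisory ships (openssh-7.4p1-23.el7_9 and pam_ssh_agent_auth-0.10.3-2.23.el7_9). It ports rpm's rpmvercmp ordering instead of comparing version strings lexically, so it also covers cases beyond this advisory's NVRs such as tilde pre-release tags; the helper names (is_affected, parse_nvr) and the package list queried in its main block are the example's own assumptions.

```python
"""Added example (not Red Hat's code): decide whether an installed RHEL 7 package
predates the builds shipped by RHSA-2023:4382, using rpm's version-ordering rules."""
import string
import subprocess
import sys

# Fixed builds, copied from the advisory's package list (no epoch is shown there).
FIXED_EVR = {"openssh": "7.4p1-23.el7_9", "pam_ssh_agent_auth": "0.10.3-2.23.el7_9"}
# Architecture suffixes that `rpm -q` appends to a package NVR.
ARCHES = {"x86_64", "i686", "s390x", "s390", "ppc64", "ppc", "ppc64le", "noarch", "src"}
ALNUM = set(string.ascii_letters + string.digits)


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 when a sorts before, equal to or after b under rpm's rules:
    digit runs compare numerically, letter runs lexically, a digit run beats a letter
    run, and '~' sorts before everything including end-of-string ('^' not handled)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators: anything that is neither alphanumeric nor '~'.
        while i < len(a) and a[i] not in ALNUM and a[i] != "~":
            i += 1
        while j < len(b) and b[j] not in ALNUM and b[j] != "~":
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":            # pre-release marker: older than anything
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):                   # one side exhausted: decided after loop
            break
        isnum = ca.isdigit()
        same = str.isdigit if isnum else (lambda c: c in string.ascii_letters)
        k, m = i, j
        while k < len(a) and same(a[k]):
            k += 1
        while m < len(b) and same(b[m]):
            m += 1
        seg_a, seg_b, i, j = a[i:k], b[j:m], k, m
        if not seg_b:                         # digit run vs letter run: digits win
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):      # more digits (sans leading zeros) is larger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1           # whoever still has text left is newer


def parse_nvr(pkg: str):
    """Split 'name-[epoch:]version-release[.arch]' as printed by `rpm -q`."""
    stem, _, arch = pkg.rpartition(".")
    if arch in ARCHES:
        pkg = stem
    name, version, release = pkg.rsplit("-", 2)
    epoch, _, version = version.rpartition(":") if ":" in version else ("0", "", version)
    return name, epoch, version, release


def is_affected(pkg: str):
    """True if pkg predates the fixed build, False if it is at or past it,
    None if the package is not one shipped by this advisory."""
    name, epoch, version, release = parse_nvr(pkg)
    family = "openssh" if name == "openssh" or name.startswith("openssh-") else name
    if family not in FIXED_EVR:
        return None
    fixed_ver, fixed_rel = FIXED_EVR[family].split("-")
    for have, want in ((epoch, "0"), (version, fixed_ver), (release, fixed_rel)):
        rc = rpmvercmp(have, want)
        if rc:
            return rc < 0
    return False


if __name__ == "__main__":
    # Check NVRs given on the command line, or ask rpm for the advisory's packages.
    pkgs = sys.argv[1:]
    if not pkgs:
        cmd = ["rpm", "-q", "openssh", "openssh-clients", "openssh-server", "pam_ssh_agent_auth"]
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
        pkgs = [line for line in out.splitlines() if line and "not installed" not in line]
    for p in pkgs:
        print(p, {True: "AFFECTED", False: "fixed", None: "not covered"}[is_affected(p)])
```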

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support

Red Hat Enterprise Linux Server 7

SRPM

openssh-7.4p1-23.el7_9.src.rpm

SHA-256: 10bf72b58e0b43c3fb6476d14a69a05eeaaeee410875d1b69af4ffe34ae26854

x86_64

openssh-7.4p1-23.el7_9.x86_64.rpm

SHA-256: c5669ed51d4a17b5948d545720ca589608795c6ca786b32f5c9e710d40080ebe

openssh-askpass-7.4p1-23.el7_9.x86_64.rpm

SHA-256: e3d2f528256477d955de38d023fa7747b4e94707bbdf8382c79b17f275a6b190

openssh-cavs-7.4p1-23.el7_9.x86_64.rpm

SHA-256: 246b93b455828023c0c6ecf4a6710f0ab699c5320c40a253c8156ddd9f93ce13

openssh-clients-7.4p1-23.el7_9.x86_64.rpm

SHA-256: c370165cd929120919d4fe09ef77f5ef01fae400603fba5d265076e868f4f560

openssh-debuginfo-7.4p1-23.el7_9.i686.rpm

SHA-256: 3e8fcb4a4987da99bd1bbd125db1a470f8366905c960fcdf9d772d5fc9ea1950

openssh-debuginfo-7.4p1-23.el7_9.x86_64.rpm

SHA-256: 234c3793298675bf03cd7c25b288aac4f1ad60d59ac072f89d22a9a9a65d7f45

openssh-keycat-7.4p1-23.el7_9.x86_64.rpm

SHA-256: 26e3ab77bf213d77d21c79dda171365ce6d8bd5707b7d350a093dfb83ca0c1a1

openssh-ldap-7.4p1-23.el7_9.x86_64.rpm

SHA-256: 8f85b802f65e00f4dbee79afc33033c128c5f560ad29b3211511c9e0ae34825d

openssh-server-7.4p1-23.el7_9.x86_64.rpm

SHA-256: 6e871efc6ccbafa8f42fec9a9579ce96db9184af829d2df4be252a568fb105a0

openssh-server-sysvinit-7.4p1-23.el7_9.x86_64.rpm

SHA-256: 30a72fcae69a57ae9691c1e7366f65217d31eb9149b7b41a94eec31342adf45f

pam_ssh_agent_auth-0.10.3-2.23.el7_9.i686.rpm

SHA-256: 1a1d7777e987ccc581db8c9adf9a48ad3f0a06d4ac819ad9e51642f50032c3e9

pam_ssh_agent_auth-0.10.3-2.23.el7_9.x86_64.rpm

SHA-256: f9f2145d9dbbf6ff4a270d9c29ff6412390bd216f5819090b079307af748becf

Red Hat Enterprise Linux Workstation 7

Same x86_64 package set and SHA-256 checksums as Red Hat Enterprise Linux Server 7 above.

Red Hat Enterprise Linux Desktop 7

Same x86_64 package set and SHA-256 checksums as Red Hat Enterprise Linux Server 7 above.

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

openssh-7.4p1-23.el7_9.src.rpm

SHA-256: 10bf72b58e0b43c3fb6476d14a69a05eeaaeee410875d1b69af4ffe34ae26854

s390x

openssh-7.4p1-23.el7_9.s390x.rpm

SHA-256: 2d53d7c77da450483a03d6113c00ef1c392a6cc2f74fa113b758c31b34910c93

openssh-askpass-7.4p1-23.el7_9.s390x.rpm

SHA-256: 924fd98f020e3b7be014473079fb65dd133c9367c081c3cefada2c1436b30df7

openssh-cavs-7.4p1-23.el7_9.s390x.rpm

SHA-256: 72ffa720c534401b0d603be6b96abf38deef78b853fa27a989b6bdaf4c7551dd

openssh-clients-7.4p1-23.el7_9.s390x.rpm

SHA-256: 393329c381cb513e8db56e8b5e06f1521f4490317c3746ef3b1f88a3ffc5ab00

openssh-debuginfo-7.4p1-23.el7_9.s390.rpm

SHA-256: b1540d420e4f404b132a5707fe677bd297354d7a1212044f0b951872609c0713

openssh-debuginfo-7.4p1-23.el7_9.s390x.rpm

SHA-256: aaaa7f614f430d205d30a7b45f3eae61c4b21af31429f425624c8b21235564ab

openssh-keycat-7.4p1-23.el7_9.s390x.rpm

SHA-256: c8138d1f0ea3fc4e2b78d5f540e1dcf734dec5771e80de0dad9ac12c186891ab

openssh-ldap-7.4p1-23.el7_9.s390x.rpm

SHA-256: fd2867f25ed90ab77d73fa16341d0d5a0edaca41081fbfd43f764b441cf16401

openssh-server-7.4p1-23.el7_9.s390x.rpm

SHA-256: cd60f3f023b2a1098ffce72878ee75d0e4149dd65a17649d06ad683453b29522

openssh-server-sysvinit-7.4p1-23.el7_9.s390x.rpm

SHA-256: d1a091227c48ad5851296f6269f3bf5870825eeebd4fcae1a9d5324392e7e2b3

pam_ssh_agent_auth-0.10.3-2.23.el7_9.s390.rpm

SHA-256: f4492bf3c2c1302a92d841cf3365d30a5ffe96659e3a4eff2bdebe9db5de55d0

pam_ssh_agent_auth-0.10.3-2.23.el7_9.s390x.rpm

SHA-256: 12d743cc668b43aff80a3aacc0f829dacab8cd81a3108710cf35676667b69a41

Red Hat Enterprise Linux for Power, big endian 7

SRPM

openssh-7.4p1-23.el7_9.src.rpm

SHA-256: 10bf72b58e0b43c3fb6476d14a69a05eeaaeee410875d1b69af4ffe34ae26854

ppc64

openssh-7.4p1-23.el7_9.ppc64.rpm

SHA-256: a191935f4963a17eb9b8ae03102503e6e24ce1051fabbc397c9b50bbed1c0752

openssh-askpass-7.4p1-23.el7_9.ppc64.rpm

SHA-256: e9450a9f28a75d3fa955af0bb3906767ac1c537bfb89d127eb17199637b4be04

openssh-cavs-7.4p1-23.el7_9.ppc64.rpm

SHA-256: 1b7d2a5f665a436f30e508e9fd9b37707f829d772334824057bffbc568c79a66

openssh-clients-7.4p1-23.el7_9.ppc64.rpm

SHA-256: cb7ebbf241690708b405d2855687b6e01607b73eb3eb8e595c5220ca2d062e8e

openssh-debuginfo-7.4p1-23.el7_9.ppc.rpm

SHA-256: a4961e2827edc2a64cfcf0962bbed8d040cffc421eada9e59a6f399232d57883

openssh-debuginfo-7.4p1-23.el7_9.ppc64.rpm

SHA-256: b35bbca72d78287c695706ed6fed6fb0c8b96b7016019a844bc717fe99373e11

openssh-keycat-7.4p1-23.el7_9.ppc64.rpm

SHA-256: fce78506108d19de5ad3b1ca3db242caf287694b7ab8b04711667428262f71d4

openssh-ldap-7.4p1-23.el7_9.ppc64.rpm

SHA-256: 0acfd25d2398cf0e4b10050edad5d96a0ad68bc6232f4b79eb22d9c35cecfcf6

openssh-server-7.4p1-23.el7_9.ppc64.rpm

SHA-256: 7cdcdf2adbe43c0891a84ca15c9bbf67fe23707982189f4eedf0f458c86a583f

openssh-server-sysvinit-7.4p1-23.el7_9.ppc64.rpm

SHA-256: 7a601170122b5b04b3a7e7312767787c4a1cd0a7527c0fff81ba0457b6bd2fa9

pam_ssh_agent_auth-0.10.3-2.23.el7_9.ppc.rpm

SHA-256: 322b817192a3730398cc590496986da2ff129e15d36990fb4d0f17f3e46050ec

pam_ssh_agent_auth-0.10.3-2.23.el7_9.ppc64.rpm

SHA-256: 7bb6fa2986c6930b1bdc456eefdd69ea64f72d761c45c06c01487de335cedc15

Red Hat Enterprise Linux for Scientific Computing 7

Same x86_64 package set and SHA-256 checksums as Red Hat Enterprise Linux Server 7 above.

Red Hat Enterprise Linux for Power, little endian 7

SRPM

openssh-7.4p1-23.el7_9.src.rpm

SHA-256: 10bf72b58e0b43c3fb6476d14a69a05eeaaeee410875d1b69af4ffe34ae26854

ppc64le

openssh-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: b18c98dd387eff84c723b519f153223844af786c5d5c07a2485147d7c007ef4f

openssh-askpass-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: b53906863bf9a98c7e946a927cda699086c413bb59d3d2669ea2441cf0cc8874

openssh-cavs-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: 31d6e85a853dc4efcb3f8f656637a905f9149b78230b85fa15972f0b2b05c0ed

openssh-clients-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: 9a464f73d16d670a1a0c99539666d5113629a7d560cbdbb6d4a8c99ef5c6f21d

openssh-debuginfo-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: 3630c1b72151d05987b3d7fe92bcf2423af942b1ce5d77f3363d0b73c7a43b25

openssh-keycat-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: 03aa78afdb08556e3cdd1168e82fe2ecb64326a02e6b43016a41ac031bdefd90

openssh-ldap-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: c42237c02734e7b3418618754b27198eef244325cdde18a9ad4139c849f67157

openssh-server-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: 7193164bbc06db7393e193a76f585d509cd18fbd74c2b1605ddb1b336c10e32a

openssh-server-sysvinit-7.4p1-23.el7_9.ppc64le.rpm

SHA-256: e06938457371fcfcf8a8e788c781b6303e99b65836bc21b6537cfe335a907eb8

pam_ssh_agent_auth-0.10.3-2.23.el7_9.ppc64le.rpm

SHA-256: 6812743617ca00cf4d4622605d6e913596713165fe8967fb1089070e7c7c1b15

Related news

Red Hat Security Advisory 2023-5103-01

Red Hat Security Advisory 2023-5103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.6 images.

RHSA-2023:5029: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...

Red Hat Security Advisory 2023-4982-01

Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.

Red Hat Security Advisory 2023-4972-01

Red Hat Security Advisory 2023-4972-01 - Multicluster Engine for Kubernetes 2.1.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4893-01

Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

RHSA-2023:4889: Red Hat Security Advisory: DevWorkspace Operator 0.22 release

Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-...

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-4654-01

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-4576-01

Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

Red Hat Security Advisory 2023-4456-01

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

RHSA-2023:4456: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4419-01

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4428: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an a...

Ubuntu Security Notice USN-6242-2

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

RHSA-2023:4384: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarde...

RHSA-2023:4383: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw al...

RHSA-2023:4381: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an ...

Red Hat Security Advisory 2023-4329-01

Red Hat Security Advisory 2023-4329-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4329: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an at...

Ubuntu Security Notice USN-6242-1

Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

OpenSSH Forwarded SSH-Agent Remote Code Execution

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

CVE-2023-38408: Disallow remote addition of FIDO/PKCS11 provider libraries to · openbsd/src@7bc29a9

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.