RHSA-2023:4384: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.
Red Hat Security Data

Synopsis

Important: openssh security update

Type / Severity

Security Advisory: Important

Topic

An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

openssh-8.0p1-5.el8_2.src.rpm

x86_64

openssh-8.0p1-5.el8_2.x86_64.rpm

openssh-askpass-8.0p1-5.el8_2.x86_64.rpm

openssh-askpass-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-cavs-8.0p1-5.el8_2.x86_64.rpm

openssh-cavs-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-clients-8.0p1-5.el8_2.x86_64.rpm

openssh-clients-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-debugsource-8.0p1-5.el8_2.x86_64.rpm

openssh-keycat-8.0p1-5.el8_2.x86_64.rpm

openssh-keycat-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-ldap-8.0p1-5.el8_2.x86_64.rpm

openssh-ldap-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-server-8.0p1-5.el8_2.x86_64.rpm

openssh-server-debuginfo-8.0p1-5.el8_2.x86_64.rpm

pam_ssh_agent_auth-0.10.3-7.5.el8_2.x86_64.rpm

pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_2.x86_64.rpm

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

openssh-8.0p1-5.el8_2.src.rpm

x86_64

openssh-8.0p1-5.el8_2.x86_64.rpm

openssh-askpass-8.0p1-5.el8_2.x86_64.rpm

openssh-askpass-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-cavs-8.0p1-5.el8_2.x86_64.rpm

openssh-cavs-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-clients-8.0p1-5.el8_2.x86_64.rpm

openssh-clients-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-debugsource-8.0p1-5.el8_2.x86_64.rpm

openssh-keycat-8.0p1-5.el8_2.x86_64.rpm

openssh-keycat-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-ldap-8.0p1-5.el8_2.x86_64.rpm

openssh-ldap-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-server-8.0p1-5.el8_2.x86_64.rpm

openssh-server-debuginfo-8.0p1-5.el8_2.x86_64.rpm

pam_ssh_agent_auth-0.10.3-7.5.el8_2.x86_64.rpm

pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_2.x86_64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

openssh-8.0p1-5.el8_2.src.rpm

ppc64le

openssh-8.0p1-5.el8_2.ppc64le.rpm

openssh-askpass-8.0p1-5.el8_2.ppc64le.rpm

openssh-askpass-debuginfo-8.0p1-5.el8_2.ppc64le.rpm

openssh-cavs-8.0p1-5.el8_2.ppc64le.rpm

openssh-cavs-debuginfo-8.0p1-5.el8_2.ppc64le.rpm

openssh-clients-8.0p1-5.el8_2.ppc64le.rpm

openssh-clients-debuginfo-8.0p1-5.el8_2.ppc64le.rpm

openssh-debuginfo-8.0p1-5.el8_2.ppc64le.rpm

openssh-debugsource-8.0p1-5.el8_2.ppc64le.rpm

openssh-keycat-8.0p1-5.el8_2.ppc64le.rpm

openssh-keycat-debuginfo-8.0p1-5.el8_2.ppc64le.rpm

openssh-ldap-8.0p1-5.el8_2.ppc64le.rpm

openssh-ldap-debuginfo-8.0p1-5.el8_2.ppc64le.rpm

openssh-server-8.0p1-5.el8_2.ppc64le.rpm

openssh-server-debuginfo-8.0p1-5.el8_2.ppc64le.rpm

pam_ssh_agent_auth-0.10.3-7.5.el8_2.ppc64le.rpm

pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_2.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

openssh-8.0p1-5.el8_2.src.rpm

x86_64

openssh-8.0p1-5.el8_2.x86_64.rpm

openssh-askpass-8.0p1-5.el8_2.x86_64.rpm

openssh-askpass-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-cavs-8.0p1-5.el8_2.x86_64.rpm

openssh-cavs-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-clients-8.0p1-5.el8_2.x86_64.rpm

openssh-clients-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-debugsource-8.0p1-5.el8_2.x86_64.rpm

openssh-keycat-8.0p1-5.el8_2.x86_64.rpm

openssh-keycat-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-ldap-8.0p1-5.el8_2.x86_64.rpm

openssh-ldap-debuginfo-8.0p1-5.el8_2.x86_64.rpm

openssh-server-8.0p1-5.el8_2.x86_64.rpm

openssh-server-debuginfo-8.0p1-5.el8_2.x86_64.rpm

pam_ssh_agent_auth-0.10.3-7.5.el8_2.x86_64.rpm

pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_2.x86_64.rpm

Related news

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

Red Hat Security Advisory 2023-5029-01

Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

RHSA-2023:4972: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...

Red Hat Security Advisory 2023-4889-01

Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.

RHSA-2023:4892: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.

RHSA-2023:4875: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3027: The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created polic...

CVE-2023-40371: Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

Red Hat Security Advisory 2023-4654-01

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:4650: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes

Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...

Red Hat Security Advisory 2023-4575-01

Red Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

Red Hat Security Advisory 2023-4456-01

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

RHSA-2023:4456: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

Red Hat Security Advisory 2023-4428-01

Red Hat Security Advisory 2023-4428-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4428: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an a...

Ubuntu Security Notice USN-6242-2

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

RHSA-2023:4382: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the...

RHSA-2023:4383: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw al...

RHSA-2023:4381: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an ...

Red Hat Security Advisory 2023-4329-01

Red Hat Security Advisory 2023-4329-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4329: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an at...

Ubuntu Security Notice USN-6242-1

Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

OpenSSH Forwarded SSH-Agent Remote Code Execution

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

CVE-2023-38408: Disallow remote addition of FIDO/PKCS11 provider libraries to · openbsd/src@7bc29a9

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.