Headline
RHSA-2023:4384: Red Hat Security Advisory: openssh security update
An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.
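The CVE description above makes agent forwarding the precondition for the attack, so one way to inventory exposure is to list where an OpenSSH client configuration enables `ForwardAgent`. This is an added example, not part of the Red Hat advisory; the sample configuration and its host names are constructed, and `Match` blocks are reported but not evaluated.

```python
import re
import shlex

# Constructed sample client configuration; all host names are placeholders.
SAMPLE_CONFIG = """\
Host bastion.example.com
    ForwardAgent yes

Host *.lab.example.com !build.lab.example.com
    forwardagent=yes

Host build.lab.example.com
    ForwardAgent no

Match exec "true"
    ForwardAgent yes

Host *
    ForwardAgent no
"""

OPTION_RE = re.compile(r"([A-Za-z0-9]+)\s*(?:=\s*|\s+)(.*)$")  # "key value" or "key=value"
DISABLED = {"no", "false"}  # any other ForwardAgent value enables forwarding

def parse_blocks(text):
    """Return [(kind, patterns, options)] in file order, first value per keyword."""
    # Options before the first Host/Match line apply to all hosts: implicit "Host *".
    blocks = [("host", ["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        match = OPTION_RE.match(line)
        if not line or line.startswith("#") or not match:
            continue
        key, value = match.group(1).lower(), match.group(2).strip()
        if key == "host":
            blocks.append(("host", shlex.split(value), {}))
        elif key == "match":
            blocks.append(("match", [value], {}))
        else:
            blocks[-1][2].setdefault(key, value.strip('"'))
    return blocks

def _pattern_matches(pattern, host):
    # ssh_config patterns know only the '*' and '?' wildcards.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host) is not None

def host_line_matches(patterns, host):
    """True if some pattern matches and no negated ('!') pattern matches."""
    matched = False
    for pattern in patterns:
        if pattern.startswith("!"):
            if _pattern_matches(pattern[1:], host):
                return False
        elif _pattern_matches(pattern, host):
            matched = True
    return matched

def effective_forward_agent(text, host):
    """Value ssh would use for `host`: the first one obtained, default 'no'."""
    # Match blocks are skipped: their criteria (exec, user, ...) cannot be
    # evaluated offline. forwarding_scopes() reports them for manual review.
    for kind, patterns, options in parse_blocks(text):
        if (kind == "host" and "forwardagent" in options
                and host_line_matches(patterns, host)):
            value = options["forwardagent"]
            return "no" if value.lower() in DISABLED else value
    return "no"

def forwarding_scopes(text):
    """List (scope, value, broad) for every block that enables forwarding."""
    findings = []
    for kind, patterns, options in parse_blocks(text):
        value = options.get("forwardagent")
        if value is None or value.lower() in DISABLED:
            continue
        # broad: not tied to explicitly named hosts (wildcards or a Match block)
        broad = kind == "match" or any(
            ch in p for p in patterns if not p.startswith("!") for ch in "*?")
        findings.append((f"{kind.capitalize()} {' '.join(patterns)}", value, broad))
    return findings

if __name__ == "__main__":
    for scope, value, broad in forwarding_scopes(SAMPLE_CONFIG):
        print(f"{'broad' if broad else 'named'}  {scope}: ForwardAgent {value}")
```

Forwarding requested on the command line with `ssh -A` does not appear in any configuration file, so this covers configured exposure only.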
Synopsis
Important: openssh security update
Type / Severity
Security Advisory: Important
Topic
An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
- openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
openssh-8.0p1-5.el8_2.src.rpm
x86_64
openssh-8.0p1-5.el8_2.x86_64.rpm
openssh-askpass-8.0p1-5.el8_2.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-cavs-8.0p1-5.el8_2.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-clients-8.0p1-5.el8_2.x86_64.rpm
openssh-clients-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-debugsource-8.0p1-5.el8_2.x86_64.rpm
openssh-keycat-8.0p1-5.el8_2.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-ldap-8.0p1-5.el8_2.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-server-8.0p1-5.el8_2.x86_64.rpm
openssh-server-debuginfo-8.0p1-5.el8_2.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.5.el8_2.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_2.x86_64.rpm
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
openssh-8.0p1-5.el8_2.src.rpm
x86_64
openssh-8.0p1-5.el8_2.x86_64.rpm
openssh-askpass-8.0p1-5.el8_2.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-cavs-8.0p1-5.el8_2.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-clients-8.0p1-5.el8_2.x86_64.rpm
openssh-clients-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-debugsource-8.0p1-5.el8_2.x86_64.rpm
openssh-keycat-8.0p1-5.el8_2.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-ldap-8.0p1-5.el8_2.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-server-8.0p1-5.el8_2.x86_64.rpm
openssh-server-debuginfo-8.0p1-5.el8_2.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.5.el8_2.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_2.x86_64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
openssh-8.0p1-5.el8_2.src.rpm
ppc64le
openssh-8.0p1-5.el8_2.ppc64le.rpm
openssh-askpass-8.0p1-5.el8_2.ppc64le.rpm
openssh-askpass-debuginfo-8.0p1-5.el8_2.ppc64le.rpm
openssh-cavs-8.0p1-5.el8_2.ppc64le.rpm
openssh-cavs-debuginfo-8.0p1-5.el8_2.ppc64le.rpm
openssh-clients-8.0p1-5.el8_2.ppc64le.rpm
openssh-clients-debuginfo-8.0p1-5.el8_2.ppc64le.rpm
openssh-debuginfo-8.0p1-5.el8_2.ppc64le.rpm
openssh-debugsource-8.0p1-5.el8_2.ppc64le.rpm
openssh-keycat-8.0p1-5.el8_2.ppc64le.rpm
openssh-keycat-debuginfo-8.0p1-5.el8_2.ppc64le.rpm
openssh-ldap-8.0p1-5.el8_2.ppc64le.rpm
openssh-ldap-debuginfo-8.0p1-5.el8_2.ppc64le.rpm
openssh-server-8.0p1-5.el8_2.ppc64le.rpm
openssh-server-debuginfo-8.0p1-5.el8_2.ppc64le.rpm
pam_ssh_agent_auth-0.10.3-7.5.el8_2.ppc64le.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_2.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
openssh-8.0p1-5.el8_2.src.rpm
x86_64
openssh-8.0p1-5.el8_2.x86_64.rpm
openssh-askpass-8.0p1-5.el8_2.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-cavs-8.0p1-5.el8_2.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-clients-8.0p1-5.el8_2.x86_64.rpm
openssh-clients-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-debugsource-8.0p1-5.el8_2.x86_64.rpm
openssh-keycat-8.0p1-5.el8_2.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-ldap-8.0p1-5.el8_2.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-5.el8_2.x86_64.rpm
openssh-server-8.0p1-5.el8_2.x86_64.rpm
openssh-server-debuginfo-8.0p1-5.el8_2.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.5.el8_2.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_2.x86_64.rpm