RHSA-2023:4381: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.
Red Hat Security Data

Synopsis

Important: openssh security update

Type/Severity

Security Advisory: Important

Topic

An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
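
CVE-2023-38408 is only reachable when an agent is forwarded, so a client-side audit of where `ForwardAgent` takes effect complements the package update. The script below is an added example, not part of the Red Hat advisory or of OpenSSH; it assumes ssh_config's rule that the first value obtained for an option wins, treats any value other than `no` as enabled, does not evaluate `Match` conditions, and its function names and sample configuration are constructed.

```python
import fnmatch
import re

# Keyword and argument are separated by whitespace, or by optional
# whitespace and a single '='.
_OPTION = re.compile(r"^(\S+?)\s*(?:=\s*|\s+)(.*)$")

# Constructed sample client configuration (not taken from the advisory).
SAMPLE_CONFIG = """\
Host build.example.test
    ForwardAgent no

Host *.example.test !db.example.test
    ForwardAgent = yes

Match host legacy.example.test
    ForwardAgent yes

Host *
    forwardagent no
"""


def parse_blocks(config_text):
    """Split ssh_config text into (kind, patterns, options) blocks."""
    # Options that appear before any Host/Match line apply to every host.
    blocks = [("host", ["*"], [])]
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPTION.match(line)
        if not m:
            continue
        key = m.group(1).lower()          # keywords are case-insensitive
        value = m.group(2).strip().strip('"')
        if key in ("host", "match"):
            blocks.append((key, value.split(), []))
        else:
            blocks[-1][2].append((key, value))
    return blocks


def host_matches(patterns, host):
    """A Host line matches if a positive pattern matches and no negated one does."""
    # Assumption: fnmatch approximates ssh's '*' and '?' wildcards.
    positive = False
    for pattern in patterns:
        if pattern.startswith("!"):
            if fnmatch.fnmatchcase(host, pattern[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pattern):
            positive = True
    return positive


def block_value(options):
    """First ForwardAgent value set inside one block, or None."""
    for key, value in options:
        if key == "forwardagent":
            return value
    return None


def effective_forward_agent(config_text, host):
    """Value used for `host`: the first matching Host block that sets it wins."""
    for kind, patterns, options in parse_blocks(config_text):
        if kind != "host" or not host_matches(patterns, host):
            continue
        value = block_value(options)
        if value is not None:
            return value
    return "no"  # OpenSSH default when nothing sets the option


def audit(config_text, hosts):
    """Report where agent forwarding is, or may be, enabled."""
    enabling = []
    for kind, patterns, options in parse_blocks(config_text):
        value = block_value(options)
        if value is not None and value.lower() != "no":
            enabling.append((kind, patterns))
    return {
        # Hosts from the caller's inventory that would receive the agent.
        "forwarding_hosts": [
            h for h in hosts
            if effective_forward_agent(config_text, h).lower() != "no"
        ],
        # Wildcard Host blocks forward to servers the user may not control.
        "wildcard_blocks": [
            " ".join(p) for k, p in enabling
            if k == "host" and any(c in s for s in p for c in "*?")
        ],
        # Match blocks are not evaluated here; list them for manual review.
        "match_blocks": [" ".join(p) for k, p in enabling if k == "match"],
    }


if __name__ == "__main__":
    inventory = ["build.example.test", "web.example.test",
                 "db.example.test", "legacy.example.test", "other.invalid"]
    for name, found in audit(SAMPLE_CONFIG, inventory).items():
        print(name, found)
```

Forwarding requested on the command line with `ssh -A` does not appear in configuration files and needs separate review.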

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

openssh-8.0p1-7.el8_4.src.rpm

x86_64

openssh-8.0p1-7.el8_4.x86_64.rpm

openssh-askpass-8.0p1-7.el8_4.x86_64.rpm

openssh-askpass-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-cavs-8.0p1-7.el8_4.x86_64.rpm

openssh-cavs-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-clients-8.0p1-7.el8_4.x86_64.rpm

openssh-clients-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-debugsource-8.0p1-7.el8_4.x86_64.rpm

openssh-keycat-8.0p1-7.el8_4.x86_64.rpm

openssh-keycat-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-ldap-8.0p1-7.el8_4.x86_64.rpm

openssh-ldap-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-server-8.0p1-7.el8_4.x86_64.rpm

openssh-server-debuginfo-8.0p1-7.el8_4.x86_64.rpm

pam_ssh_agent_auth-0.10.3-7.7.el8_4.1.x86_64.rpm

pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.1.x86_64.rpm

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

openssh-8.0p1-7.el8_4.src.rpm

x86_64

openssh-8.0p1-7.el8_4.x86_64.rpm

openssh-askpass-8.0p1-7.el8_4.x86_64.rpm

openssh-askpass-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-cavs-8.0p1-7.el8_4.x86_64.rpm

openssh-cavs-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-clients-8.0p1-7.el8_4.x86_64.rpm

openssh-clients-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-debugsource-8.0p1-7.el8_4.x86_64.rpm

openssh-keycat-8.0p1-7.el8_4.x86_64.rpm

openssh-keycat-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-ldap-8.0p1-7.el8_4.x86_64.rpm

openssh-ldap-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-server-8.0p1-7.el8_4.x86_64.rpm

openssh-server-debuginfo-8.0p1-7.el8_4.x86_64.rpm

pam_ssh_agent_auth-0.10.3-7.7.el8_4.1.x86_64.rpm

pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.1.x86_64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

openssh-8.0p1-7.el8_4.src.rpm

ppc64le

openssh-8.0p1-7.el8_4.ppc64le.rpm

openssh-askpass-8.0p1-7.el8_4.ppc64le.rpm

openssh-askpass-debuginfo-8.0p1-7.el8_4.ppc64le.rpm

openssh-cavs-8.0p1-7.el8_4.ppc64le.rpm

openssh-cavs-debuginfo-8.0p1-7.el8_4.ppc64le.rpm

openssh-clients-8.0p1-7.el8_4.ppc64le.rpm

openssh-clients-debuginfo-8.0p1-7.el8_4.ppc64le.rpm

openssh-debuginfo-8.0p1-7.el8_4.ppc64le.rpm

openssh-debugsource-8.0p1-7.el8_4.ppc64le.rpm

openssh-keycat-8.0p1-7.el8_4.ppc64le.rpm

openssh-keycat-debuginfo-8.0p1-7.el8_4.ppc64le.rpm

openssh-ldap-8.0p1-7.el8_4.ppc64le.rpm

openssh-ldap-debuginfo-8.0p1-7.el8_4.ppc64le.rpm

openssh-server-8.0p1-7.el8_4.ppc64le.rpm

openssh-server-debuginfo-8.0p1-7.el8_4.ppc64le.rpm

pam_ssh_agent_auth-0.10.3-7.7.el8_4.1.ppc64le.rpm

pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.1.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

openssh-8.0p1-7.el8_4.src.rpm

x86_64

openssh-8.0p1-7.el8_4.x86_64.rpm

openssh-askpass-8.0p1-7.el8_4.x86_64.rpm

openssh-askpass-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-cavs-8.0p1-7.el8_4.x86_64.rpm

openssh-cavs-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-clients-8.0p1-7.el8_4.x86_64.rpm

openssh-clients-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-debugsource-8.0p1-7.el8_4.x86_64.rpm

openssh-keycat-8.0p1-7.el8_4.x86_64.rpm

openssh-keycat-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-ldap-8.0p1-7.el8_4.x86_64.rpm

openssh-ldap-debuginfo-8.0p1-7.el8_4.x86_64.rpm

openssh-server-8.0p1-7.el8_4.x86_64.rpm

openssh-server-debuginfo-8.0p1-7.el8_4.x86_64.rpm

pam_ssh_agent_auth-0.10.3-7.7.el8_4.1.x86_64.rpm

pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.1.x86_64.rpm

Related news

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

RHSA-2023:5029: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...

Red Hat Security Advisory 2023-4982-01

Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.

Red Hat Security Advisory 2023-4972-01

Red Hat Security Advisory 2023-4972-01 - Multicluster Engine for Kubernetes 2.1.8 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4893-01

Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

RHSA-2023:4889: Red Hat Security Advisory: DevWorkspace Operator 0.22 release

Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-...

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

CVE-2023-40371: Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-4575-01

Red Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

Red Hat Security Advisory 2023-4576-01

Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

RHSA-2023:4456: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

Red Hat Security Advisory 2023-4428-01

Red Hat Security Advisory 2023-4428-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4419-01

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4428: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an a...

Ubuntu Security Notice USN-6242-2

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

RHSA-2023:4382: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the...

RHSA-2023:4384: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarde...

RHSA-2023:4383: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw al...

Red Hat Security Advisory 2023-4329-01

Red Hat Security Advisory 2023-4329-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4329: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an at...

Ubuntu Security Notice USN-6242-1

Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

OpenSSH Forwarded SSH-Agent Remote Code Execution

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

CVE-2023-38408: Disallow remote addition of FIDO/PKCS11 provider libraries to · openbsd/src@7bc29a9

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.