Headline
RHSA-2023:4381: Red Hat Security Advisory: openssh security update
An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.
Synopsis
Important: openssh security update
Type/Severity
Security Advisory: Important
Topic
An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
- openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
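A post-update check, added here as an example and not part of the Red Hat advisory: it compares installed builds against the fixed builds listed on this page, using a Python reimplementation of RPM's segment-wise version ordering (a plain string comparison would rank release `10` below `7`). The sample `rpm` output is constructed, and `rpmvercmp`, `evr_cmp` and `audit` are names chosen for this example.

```python
import re

# Fixed builds as listed in this advisory (RHEL 8.4 AUS / TUS / E4S).
_OPENSSH_FIXED = "8.0p1-7.el8_4"
FIXED = {name: _OPENSSH_FIXED for name in (
    "openssh", "openssh-askpass", "openssh-cavs", "openssh-clients",
    "openssh-keycat", "openssh-ldap", "openssh-server")}
FIXED["pam_ssh_agent_auth"] = "0.10.3-7.7.el8_4.1"

_SEP = re.compile(r"[^A-Za-z0-9~^]*")   # separators carry no ordering weight
_NUM = re.compile(r"[0-9]*")
_ALPHA = re.compile(r"[A-Za-z]*")


def rpmvercmp(a, b):
    """Order two version or release strings the way RPM does: -1, 0 or 1."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SEP.match(a, i).end(), _SEP.match(b, j).end()
        ca, cb = a[i:i + 1], b[j:j + 1]
        if ca == "~" or cb == "~":          # tilde sorts before everything
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":          # caret sorts after the base version
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        isnum = ca.isdigit()
        seg = _NUM if isnum else _ALPHA
        sa, sb = seg.match(a, i).group(), seg.match(b, j).group()
        i, j = i + len(sa), j + len(sb)
        if not sb:                          # numeric segment beats alphabetic
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # more digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return 1 if i < len(a) else -1          # leftover characters win


def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def audit(rpm_query_output):
    """Map each installed package named in the advisory to its status."""
    status = {}
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in FIXED:
            name, evr = parts
            ok = evr_cmp(evr, FIXED[name]) >= 0
            status[name] = "fixed" if ok else "needs update"
    return status


# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
openssh 8.0p1-7.el8_4
openssh-clients 8.0p1-5.el8_4.2
openssh-server 8.0p1-10.el8
pam_ssh_agent_auth 0.10.3-7.7.el8_4
bash 4.4.20-1.el8_4
"""

if __name__ == "__main__":
    for pkg, state in audit(SAMPLE).items():
        print(f"{pkg}: {state}")
```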
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
openssh-8.0p1-7.el8_4.src.rpm
x86_64
openssh-8.0p1-7.el8_4.x86_64.rpm
openssh-askpass-8.0p1-7.el8_4.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-cavs-8.0p1-7.el8_4.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-clients-8.0p1-7.el8_4.x86_64.rpm
openssh-clients-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-debugsource-8.0p1-7.el8_4.x86_64.rpm
openssh-keycat-8.0p1-7.el8_4.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-ldap-8.0p1-7.el8_4.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-server-8.0p1-7.el8_4.x86_64.rpm
openssh-server-debuginfo-8.0p1-7.el8_4.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.7.el8_4.1.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.1.x86_64.rpm
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
openssh-8.0p1-7.el8_4.src.rpm
x86_64
openssh-8.0p1-7.el8_4.x86_64.rpm
openssh-askpass-8.0p1-7.el8_4.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-cavs-8.0p1-7.el8_4.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-clients-8.0p1-7.el8_4.x86_64.rpm
openssh-clients-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-debugsource-8.0p1-7.el8_4.x86_64.rpm
openssh-keycat-8.0p1-7.el8_4.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-ldap-8.0p1-7.el8_4.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-server-8.0p1-7.el8_4.x86_64.rpm
openssh-server-debuginfo-8.0p1-7.el8_4.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.7.el8_4.1.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.1.x86_64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
openssh-8.0p1-7.el8_4.src.rpm
ppc64le
openssh-8.0p1-7.el8_4.ppc64le.rpm
openssh-askpass-8.0p1-7.el8_4.ppc64le.rpm
openssh-askpass-debuginfo-8.0p1-7.el8_4.ppc64le.rpm
openssh-cavs-8.0p1-7.el8_4.ppc64le.rpm
openssh-cavs-debuginfo-8.0p1-7.el8_4.ppc64le.rpm
openssh-clients-8.0p1-7.el8_4.ppc64le.rpm
openssh-clients-debuginfo-8.0p1-7.el8_4.ppc64le.rpm
openssh-debuginfo-8.0p1-7.el8_4.ppc64le.rpm
openssh-debugsource-8.0p1-7.el8_4.ppc64le.rpm
openssh-keycat-8.0p1-7.el8_4.ppc64le.rpm
openssh-keycat-debuginfo-8.0p1-7.el8_4.ppc64le.rpm
openssh-ldap-8.0p1-7.el8_4.ppc64le.rpm
openssh-ldap-debuginfo-8.0p1-7.el8_4.ppc64le.rpm
openssh-server-8.0p1-7.el8_4.ppc64le.rpm
openssh-server-debuginfo-8.0p1-7.el8_4.ppc64le.rpm
pam_ssh_agent_auth-0.10.3-7.7.el8_4.1.ppc64le.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.1.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
openssh-8.0p1-7.el8_4.src.rpm
x86_64
openssh-8.0p1-7.el8_4.x86_64.rpm
openssh-askpass-8.0p1-7.el8_4.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-cavs-8.0p1-7.el8_4.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-clients-8.0p1-7.el8_4.x86_64.rpm
openssh-clients-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-debugsource-8.0p1-7.el8_4.x86_64.rpm
openssh-keycat-8.0p1-7.el8_4.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-ldap-8.0p1-7.el8_4.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-7.el8_4.x86_64.rpm
openssh-server-8.0p1-7.el8_4.x86_64.rpm
openssh-server-debuginfo-8.0p1-7.el8_4.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.7.el8_4.1.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.7.el8_4.1.x86_64.rpm