RHSA-2023:4383: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.
Red Hat Security Data


Published: 2023-08-01

Updated: 2023-08-01

RHSA-2023:4383 - Security Advisory


Synopsis

Important: openssh security update

Type / Severity

Security Advisory: Important


Topic

An update for openssh is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
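The flaw is only reachable when the client hands its agent to the remote side: ssh exposes the agent socket to a host only when ForwardAgent is on for that destination, and ssh_config resolves each keyword with first-value-wins semantics, so a blanket "Host *" / "ForwardAgent yes" near the top of a file silently overrides any per-host "ForwardAgent no" placed below it. The following Python is an added example for this advisory, not OpenSSH's or Red Hat's code. It resolves the effective ForwardAgent value per destination from a constructed sample config (every host name in it is made up), handles Host patterns with "*", "?" and "!" negation, and, as simplifications of the example, treats Match blocks as never applying and does not follow Include.

```python
# Added example for RHSA-2023:4383 (not OpenSSH code): which destinations in an
# ssh_config would receive a forwarded agent? The sample config is constructed.
import fnmatch
import re

SAMPLE_SSH_CONFIG = """\
# constructed sample ~/.ssh/config
Host bastion
    HostName bastion.example.internal
    ForwardAgent yes

Host !*.prod.example.internal *.example.internal
    ForwardAgent yes

Host *.prod.example.internal
    ProxyJump bastion

Host *
    ForwardAgent no
"""

# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
_LINE = re.compile(r"([A-Za-z]+)\s*(?:=|\s)\s*(.*?)$")


def _host_block_applies(patterns, host):
    """Host semantics from ssh_config(5): a matching negated pattern vetoes the
    whole block; otherwise the block applies if any positive pattern matches.
    Patterns are matched against the name typed on the command line, not the
    HostName inside the block. fnmatchcase covers '*' and '?' (it also treats
    '[...]' as a class, which ssh does not; hostnames rarely contain brackets)."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched


def effective_options(config_text, host):
    """Return {keyword_lower: value} for `host`, keeping the FIRST value obtained."""
    opts = {}
    applies = True  # declarations before any Host/Match line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            applies = _host_block_applies(value.split(), host)
        elif key == "match":
            applies = False  # simplification: Match criteria are not evaluated here
        elif applies and key not in opts:
            opts[key] = value
    return opts


def forwards_agent(config_text, host):
    """True if ssh would forward the agent to `host` under this config.
    The default is no. Newer clients also accept a socket path or $ENV name
    here, which still enables forwarding, so anything but no/false counts."""
    value = effective_options(config_text, host).get("forwardagent", "no")
    return value.lower() not in ("no", "false")


def audit(config_text, hosts):
    """Map each destination to whether the agent would be forwarded to it."""
    return {h: forwards_agent(config_text, h) for h in hosts}


if __name__ == "__main__":
    hosts = ["bastion", "db1.prod.example.internal", "ci.example.internal", "github.com"]
    for host, forwarded in audit(SAMPLE_SSH_CONFIG, hosts).items():
        print(f"{host:32} ForwardAgent={'yes' if forwarded else 'no'}")
```

On a real client, "ssh -G <host> | grep -i forwardagent" prints what OpenSSH itself resolves, and it also accounts for options given on the command line ("-A" or "-o ForwardAgent=yes"), which take precedence over the file. Where an intermediate host is unavoidable, ProxyJump (as in the sample's prod block) reaches the target through the bastion without ever giving the bastion an agent socket, which removes the precondition for this flaw.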

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
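To confirm the fix is actually installed, compare the installed NVRs with the fixed builds listed under the package tables below (openssh 8.0p1-5.el8_1.1 and pam_ssh_agent_auth 0.10.3-7.5.el8_1). RPM release strings such as 5.el8_1 and 5.el8_1.1 are not ordered correctly by plain string or numeric comparison, so the following Python, an added example rather than Red Hat tooling, reimplements the segment rules of rpm's own rpmvercmp and classifies a constructed "rpm -qa" listing (the libssh line and the older openssh builds in it are made up for illustration) against this advisory's table. The fixed versions are specific to RHEL 8.1 Update Services for SAP Solutions; other streams have their own advisories (RHSA-2023:4381, 4382, 4384 and 4428 in the related list) with different NVRs.

```python
# Added example for RHSA-2023:4383 (not Red Hat tooling): decide whether the
# installed openssh/pam_ssh_agent_auth builds are at or above the fixed NVRs.
# rpmvercmp() follows rpm's own segment rules; the rpm -qa output is constructed.

# name -> (epoch, version, release) of the fixed build, from this advisory's package list
FIXED = {n: (0, "8.0p1", "5.el8_1.1") for n in (
    "openssh", "openssh-askpass", "openssh-cavs", "openssh-clients",
    "openssh-keycat", "openssh-ldap", "openssh-server")}
FIXED["pam_ssh_agent_auth"] = (0, "0.10.3", "7.5.el8_1")

SAMPLE_RPM_QA = """\
openssh-8.0p1-5.el8_1.x86_64
openssh-clients-8.0p1-5.el8_1.1.x86_64
openssh-server-8.0p1-5.el8_1.1.x86_64
pam_ssh_agent_auth-0.10.3-7.4.el8.x86_64
libssh-0.9.0-4.el8.x86_64
"""


def _run(s, k, pred):
    """Longest run of characters satisfying pred, starting at s[k]."""
    e = k
    while e < len(s) and pred(s[e]):
        e += 1
    return s[k:e]


def rpmvercmp(a, b):
    """-1/0/1 by rpm's rules: alternate numeric and alphabetic segments,
    separators are ignored, numeric beats alphabetic, '~' sorts before
    anything (1.0~rc1 < 1.0), '^' sorts after the bare string but before
    any further segment."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~" or cb != "~":
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca or not cb:
                return -1 if not ca else 1
            if ca != "^" or cb != "^":
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        isnum = ca.isdigit()
        sa = _run(a, i, str.isdigit if isnum else str.isalpha)
        sb = _run(b, j, str.isdigit if isnum else str.isalpha)
        i, j = i + len(sa), j + len(sb)
        if not sb:                      # types differ: a numeric segment is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):      # more digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1     # whichever has characters left wins


def evrcmp(x, y):
    """Compare (epoch, version, release): epoch dominates, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def parse_nevra(pkg):
    """Split 'name-[epoch:]version-release.arch' as printed by rpm -q / %{NEVRA}."""
    nvr, _, arch = pkg.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    epoch, _, version = version.rpartition(":")     # epoch is optional
    return name, (int(epoch or 0), version, release), arch


def audit(rpm_qa_output):
    """Classify each rpm -qa line as 'fixed', 'VULNERABLE' or 'not in advisory'."""
    result = {}
    for line in filter(None, map(str.strip, rpm_qa_output.splitlines())):
        name, evr, _arch = parse_nevra(line)
        fixed = FIXED.get(name)
        result[line] = ("not in advisory" if fixed is None
                        else "fixed" if evrcmp(evr, fixed) >= 0 else "VULNERABLE")
    return result


if __name__ == "__main__":
    for pkg, state in audit(SAMPLE_RPM_QA).items():
        print(f"{state:16} {pkg}")
```

Feed audit() the real output of "rpm -qa 'openssh*' pam_ssh_agent_auth" on the host being checked. A build newer than the one in this advisory (a later erratum) compares as fixed, which is the intended result. Packages downloaded by hand should be checked against the SHA-256 values listed below with sha256sum before installation.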

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

openssh-8.0p1-5.el8_1.1.src.rpm  SHA-256: fd88518a7e980df8773e5e2348cea718d6ac27ae94f21e76da2a48317ab3534e

ppc64le

openssh-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: eb095dd6cd8ba160a2e23f1087aec4d4fb6f92db747bdf2ac971272e6fa3fd60
openssh-askpass-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: 10eac37f31e0797745ef8058e4d445c858d129b72fd7318bb6a371da0eb57c40
openssh-askpass-debuginfo-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: 0a726b18936128b9c0ea552731804b78b45c7251bad1c2474dce1c378d62ba44
openssh-cavs-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: 27f207a9dd75671c9d58e75f8bc3cd44f612f7e830131634423893a990842a94
openssh-cavs-debuginfo-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: cf67524be24e42dca9ebf4d48a21ce64f9dcb46956b222da97dffd794ca031eb
openssh-clients-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: 5959ae7e18ca1860388d4e7720b41fdfcde4ebb8fa6dd762e1f8bf462a31c1ee
openssh-clients-debuginfo-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: 5888b623774f6472ac001c77625f5fddc43a36b7cd0e676282b7a3185d0d409f
openssh-debuginfo-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: b913cc4c154631e8391183c1a590873deea51fa2781928d911fe91fd2b230dbb
openssh-debugsource-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: d94cef098e553dd210df89cadfd5f61fb3b8a681d8188f6d7561331a6fa83ebb
openssh-keycat-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: b1a672aaa9b88938d9ba0000d1a3dcb9d98755596929ca7ea0e5f490de6552d6
openssh-keycat-debuginfo-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: ae59765bdf1879a8cee3118bcb100f986115ef3672f3b1421235818b3ee0ff95
openssh-ldap-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: 6cc202ea058d1877b3b10acb817b02721634aff6a73cf53ae9eabfdca6804214
openssh-ldap-debuginfo-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: b31937774c6bae2b0c5974b918d2871de39ba44215641fbe56dda03f966cb207
openssh-server-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: 7b47ef66d34f39e71c4067ea680c391b46760de9d89badd1ecfd5260d89230a9
openssh-server-debuginfo-8.0p1-5.el8_1.1.ppc64le.rpm  SHA-256: 90b97f2255f33944045007196d920690531f952c2f232c1e25007b997b9a8a37
pam_ssh_agent_auth-0.10.3-7.5.el8_1.ppc64le.rpm  SHA-256: 246afc8a86d2d7683b188a69d972de30545b0cbe45e8487fc8b33cdbfb730fc0
pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_1.ppc64le.rpm  SHA-256: 0a926e6ef1dd2a94833344098c05304ad4eef3cfc73dc87fa76b87f42fe49f99

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

openssh-8.0p1-5.el8_1.1.src.rpm  SHA-256: fd88518a7e980df8773e5e2348cea718d6ac27ae94f21e76da2a48317ab3534e

x86_64

openssh-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 825f64975d0c2860fb7bf9878007dee6890896e3b03bebdf9a4c46e824dbde35
openssh-askpass-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: c9e29b9aec19fdf32fa1ee9bc05f7d176b1caa5e9ea77a366aee1e931228ab0c
openssh-askpass-debuginfo-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: d62797367bf44343a8f91bdb0d1e49dcb8c0165e5d7b13c2c5b2f29e58af5b75
openssh-cavs-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 6d841a8703f0f6266b6b261786ba15305635768031b6b1362d5cb6f49f3ba3b7
openssh-cavs-debuginfo-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 269477ec34d7409ee07cd7bce4879f2234241b0b664f510367ff36a781d7deb6
openssh-clients-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 2a7784a744c96713c424d697fbeed7e066e87eac6f3e404d3f7da7cbb3146100
openssh-clients-debuginfo-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: b798380f03c5ed0a33b7c556c6a6cacb3d19871e5ecf162485f82de4399d70ef
openssh-debuginfo-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 416707ca92303235cadc706be49cb8818ac3bcc63308c6935f8ab46086521ae4
openssh-debugsource-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: f98472d1e1a61eea2eb0d8b9d56800922872a75edcf92d46868c517a8a5a8935
openssh-keycat-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: daec09f5b8b3c9bb6b29551a71cfbe9f1e94917036274e112dd4348a0bea8be5
openssh-keycat-debuginfo-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 29cf0dd1ba370bdf2ce3f64842a3ef4d27f05ca9de084c0bcf52cb048f777854
openssh-ldap-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 0924374f470cbddf0ff9866b243240a03e017815e024d544cca3f399a08ccff1
openssh-ldap-debuginfo-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: c970bf76c017abd551b5e57e96f35cdd28d6a74cd24d45248658c3d313ed8e8c
openssh-server-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 8143d8935509d9052b29f791aa3ce35acd80b165d59156cf1c7be394bff776b8
openssh-server-debuginfo-8.0p1-5.el8_1.1.x86_64.rpm  SHA-256: 390b8f1e1ef3df559282fab4ddc09b676cfcfd2a3fc70ec258843bd1d291e695
pam_ssh_agent_auth-0.10.3-7.5.el8_1.x86_64.rpm  SHA-256: 01b8f603567e79b7a70a8d792c7ca31f3efce04b1fecad58431807dc0c9be51f
pam_ssh_agent_auth-debuginfo-0.10.3-7.5.el8_1.x86_64.rpm  SHA-256: 1a14aebd7ab6b1167d57e6eb32ecfae6cf4105e2bb8eff62f496b7399caea2a9

The Red Hat Security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

Red Hat Security Advisory 2023-5029-01

Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

RHSA-2023:4972: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...

Red Hat Security Advisory 2023-4889-01

Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.

RHSA-2023:4892: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.

RHSA-2023:4875: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3027: The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created polic...

CVE-2023-40371: Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-4576-01

Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

Red Hat Security Advisory 2023-4456-01

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

RHSA-2023:4456: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

Red Hat Security Advisory 2023-4428-01

Red Hat Security Advisory 2023-4428-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4419-01

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4428: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an a...

Ubuntu Security Notice USN-6242-2

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

RHSA-2023:4382: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the...

RHSA-2023:4384: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarde...

RHSA-2023:4381: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an ...

Red Hat Security Advisory 2023-4329-01

Red Hat Security Advisory 2023-4329-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4329: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an at...

Ubuntu Security Notice USN-6242-1

Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

OpenSSH Forwarded SSH-Agent Remote Code Execution

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

CVE-2023-38408: Disallow remote addition of FIDO/PKCS11 provider libraries to · openbsd/src@7bc29a9

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.