Headline
RHSA-2023:4329: Red Hat Security Advisory: openssh security update
An update for openssh is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.
Synopsis
Important: openssh security update
Type/Severity
Security Advisory: Important
Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
- openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
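A fleet check against the fixed build named in this advisory's package list (`openssh-8.7p1-11.el9_0`), added here as an example and not part of Red Hat's advisory: it orders installed `EPOCH:VERSION-RELEASE` strings with a re-implementation of rpm's version-comparison rules. The inventory lines, host names and function names are constructed for illustration.

```python
import re

# Fixed build taken from this advisory's package list (openssh-8.7p1-11.el9_0).
FIXED_EVR = "0:8.7p1-11.el9_0"

# rpm compares runs of digits, runs of letters, and the special '~' and '^'
# markers; every other character is only a separator.
_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings as rpm does: -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _TOKEN.findall(a), _TOKEN.findall(b)
    i = j = 0
    while i < len(sa) or j < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[j] if j < len(sb) else None
        if x == "~" or y == "~":          # tilde sorts before everything
            if x != "~":
                return 1
            if y != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if x == "^" or y == "^":          # caret sorts just after the base
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if x is None or y is None:
            break
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:                # numeric segment beats alphabetic
            return 1 if x_num else -1
        if x_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:
            return 1 if x > y else -1
        i, j = i + 1, j + 1
    if i >= len(sa) and j >= len(sb):
        return 0
    return 1 if i < len(sa) else -1       # the string with segments left wins


def parse_evr(evr: str):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.rpartition("-")
    if not version:                        # no '-' in the string
        version, release = rest, ""
    # rpm prints '(none)' for a missing epoch; treat that as 0.
    return (int(epoch) if epoch.isdigit() else 0), version, release


def compare_evr(a: str, b: str) -> int:
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_patched(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    return compare_evr(installed_evr, fixed_evr) >= 0


def hosts_needing_update(inventory: str, fixed_evr: str = FIXED_EVR):
    """Return host names whose openssh build is older than the fixed build."""
    stale = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, evr = line.split()
        if not is_patched(evr, fixed_evr):
            stale.append(host)
    return stale


# Constructed inventory: "<host> <EVR of the openssh package>", as could be
# gathered per host with: rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' openssh
SAMPLE_INVENTORY = """
# host        openssh EVR (constructed sample values)
bastion-01    0:8.7p1-10.el9_0
build-02      0:8.7p1-11.el9_0
db-03         8.7p1-8.el9
ws-04         0:8.7p1-11.el9_0.1
"""

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: openssh older than {FIXED_EVR}, apply RHSA-2023:4329")
```

The comparison only orders version strings; a host on a different RHEL 9 minor stream should be checked against the advisory for that stream.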
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
openssh-8.7p1-11.el9_0.src.rpm
x86_64
openssh-8.7p1-11.el9_0.x86_64.rpm
openssh-askpass-8.7p1-11.el9_0.x86_64.rpm
openssh-askpass-debuginfo-8.7p1-11.el9_0.x86_64.rpm
openssh-clients-8.7p1-11.el9_0.x86_64.rpm
openssh-clients-debuginfo-8.7p1-11.el9_0.x86_64.rpm
openssh-debuginfo-8.7p1-11.el9_0.x86_64.rpm
openssh-debugsource-8.7p1-11.el9_0.x86_64.rpm
openssh-keycat-8.7p1-11.el9_0.x86_64.rpm
openssh-keycat-debuginfo-8.7p1-11.el9_0.x86_64.rpm
openssh-server-8.7p1-11.el9_0.x86_64.rpm
openssh-server-debuginfo-8.7p1-11.el9_0.x86_64.rpm
pam_ssh_agent_auth-0.10.4-4.11.el9_0.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.4-4.11.el9_0.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
openssh-8.7p1-11.el9_0.src.rpm
s390x
openssh-8.7p1-11.el9_0.s390x.rpm
openssh-askpass-8.7p1-11.el9_0.s390x.rpm
openssh-askpass-debuginfo-8.7p1-11.el9_0.s390x.rpm
openssh-clients-8.7p1-11.el9_0.s390x.rpm
openssh-clients-debuginfo-8.7p1-11.el9_0.s390x.rpm
openssh-debuginfo-8.7p1-11.el9_0.s390x.rpm
openssh-debugsource-8.7p1-11.el9_0.s390x.rpm
openssh-keycat-8.7p1-11.el9_0.s390x.rpm
openssh-keycat-debuginfo-8.7p1-11.el9_0.s390x.rpm
openssh-server-8.7p1-11.el9_0.s390x.rpm
openssh-server-debuginfo-8.7p1-11.el9_0.s390x.rpm
pam_ssh_agent_auth-0.10.4-4.11.el9_0.s390x.rpm
pam_ssh_agent_auth-debuginfo-0.10.4-4.11.el9_0.s390x.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
openssh-8.7p1-11.el9_0.src.rpm
ppc64le
openssh-8.7p1-11.el9_0.ppc64le.rpm
openssh-askpass-8.7p1-11.el9_0.ppc64le.rpm
openssh-askpass-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
openssh-clients-8.7p1-11.el9_0.ppc64le.rpm
openssh-clients-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
openssh-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
openssh-debugsource-8.7p1-11.el9_0.ppc64le.rpm
openssh-keycat-8.7p1-11.el9_0.ppc64le.rpm
openssh-keycat-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
openssh-server-8.7p1-11.el9_0.ppc64le.rpm
openssh-server-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
pam_ssh_agent_auth-0.10.4-4.11.el9_0.ppc64le.rpm
pam_ssh_agent_auth-debuginfo-0.10.4-4.11.el9_0.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
openssh-8.7p1-11.el9_0.src.rpm
aarch64
openssh-8.7p1-11.el9_0.aarch64.rpm
openssh-askpass-8.7p1-11.el9_0.aarch64.rpm
openssh-askpass-debuginfo-8.7p1-11.el9_0.aarch64.rpm
openssh-clients-8.7p1-11.el9_0.aarch64.rpm
openssh-clients-debuginfo-8.7p1-11.el9_0.aarch64.rpm
openssh-debuginfo-8.7p1-11.el9_0.aarch64.rpm
openssh-debugsource-8.7p1-11.el9_0.aarch64.rpm
openssh-keycat-8.7p1-11.el9_0.aarch64.rpm
openssh-keycat-debuginfo-8.7p1-11.el9_0.aarch64.rpm
openssh-server-8.7p1-11.el9_0.aarch64.rpm
openssh-server-debuginfo-8.7p1-11.el9_0.aarch64.rpm
pam_ssh_agent_auth-0.10.4-4.11.el9_0.aarch64.rpm
pam_ssh_agent_auth-debuginfo-0.10.4-4.11.el9_0.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
openssh-8.7p1-11.el9_0.src.rpm
ppc64le
openssh-8.7p1-11.el9_0.ppc64le.rpm
openssh-askpass-8.7p1-11.el9_0.ppc64le.rpm
openssh-askpass-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
openssh-clients-8.7p1-11.el9_0.ppc64le.rpm
openssh-clients-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
openssh-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
openssh-debugsource-8.7p1-11.el9_0.ppc64le.rpm
openssh-keycat-8.7p1-11.el9_0.ppc64le.rpm
openssh-keycat-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
openssh-server-8.7p1-11.el9_0.ppc64le.rpm
openssh-server-debuginfo-8.7p1-11.el9_0.ppc64le.rpm
pam_ssh_agent_auth-0.10.4-4.11.el9_0.ppc64le.rpm
pam_ssh_agent_auth-debuginfo-0.10.4-4.11.el9_0.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
openssh-8.7p1-11.el9_0.src.rpm
x86_64
openssh-8.7p1-11.el9_0.x86_64.rpm
openssh-askpass-8.7p1-11.el9_0.x86_64.rpm
openssh-askpass-debuginfo-8.7p1-11.el9_0.x86_64.rpm
openssh-clients-8.7p1-11.el9_0.x86_64.rpm
openssh-clients-debuginfo-8.7p1-11.el9_0.x86_64.rpm
openssh-debuginfo-8.7p1-11.el9_0.x86_64.rpm
openssh-debugsource-8.7p1-11.el9_0.x86_64.rpm
openssh-keycat-8.7p1-11.el9_0.x86_64.rpm
openssh-keycat-debuginfo-8.7p1-11.el9_0.x86_64.rpm
openssh-server-8.7p1-11.el9_0.x86_64.rpm
openssh-server-debuginfo-8.7p1-11.el9_0.x86_64.rpm
pam_ssh_agent_auth-0.10.4-4.11.el9_0.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.4-4.11.el9_0.x86_64.rpm
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
openssh-8.7p1-11.el9_0.src.rpm
aarch64
openssh-8.7p1-11.el9_0.aarch64.rpm
openssh-askpass-8.7p1-11.el9_0.aarch64.rpm
openssh-askpass-debuginfo-8.7p1-11.el9_0.aarch64.rpm
openssh-clients-8.7p1-11.el9_0.aarch64.rpm
openssh-clients-debuginfo-8.7p1-11.el9_0.aarch64.rpm
openssh-debuginfo-8.7p1-11.el9_0.aarch64.rpm
openssh-debugsource-8.7p1-11.el9_0.aarch64.rpm
openssh-keycat-8.7p1-11.el9_0.aarch64.rpm
openssh-keycat-debuginfo-8.7p1-11.el9_0.aarch64.rpm
openssh-server-8.7p1-11.el9_0.aarch64.rpm
openssh-server-debuginfo-8.7p1-11.el9_0.aarch64.rpm
pam_ssh_agent_auth-0.10.4-4.11.el9_0.aarch64.rpm
pam_ssh_agent_auth-debuginfo-0.10.4-4.11.el9_0.aarch64.rpm
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
openssh-8.7p1-11.el9_0.src.rpm
s390x
openssh-8.7p1-11.el9_0.s390x.rpm
openssh-askpass-8.7p1-11.el9_0.s390x.rpm
openssh-askpass-debuginfo-8.7p1-11.el9_0.s390x.rpm
openssh-clients-8.7p1-11.el9_0.s390x.rpm
openssh-clients-debuginfo-8.7p1-11.el9_0.s390x.rpm
openssh-debuginfo-8.7p1-11.el9_0.s390x.rpm
openssh-debugsource-8.7p1-11.el9_0.s390x.rpm
openssh-keycat-8.7p1-11.el9_0.s390x.rpm
openssh-keycat-debuginfo-8.7p1-11.el9_0.s390x.rpm
openssh-server-8.7p1-11.el9_0.s390x.rpm
openssh-server-debuginfo-8.7p1-11.el9_0.s390x.rpm
pam_ssh_agent_auth-0.10.4-4.11.el9_0.s390x.rpm
pam_ssh_agent_auth-debuginfo-0.10.4-4.11.el9_0.s390x.rpm
Related news
Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.
Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...
Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.
Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-...
Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.
Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...
Red Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.
Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.
An update for openssh is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an a...
Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the...
An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarde...
An update for openssh is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw al...
An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an ...
Red Hat Security Advisory 2023-4329-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.
The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.