RHSA-2023:4329: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.
Red Hat Security Data

Synopsis

Important: openssh security update

Type/Severity

Security Advisory: Important

Topic

An update for openssh is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
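
The CVE summary above makes a forwarded agent the precondition for exploitation, so alongside the update it helps to know which hosts a client configuration forwards the agent to. The following is an added example, not part of the Red Hat advisory: it resolves the effective ForwardAgent value per host from ssh_config text using OpenSSH's first-obtained-value rule. The sample config and host names are constructed, and Match and Include directives are not evaluated.

```python
"""Audit OpenSSH client configuration text for agent forwarding (added example)."""
import re
import shlex

# Constructed sample config, not taken from any real system.
SAMPLE_CONFIG = """\
# constructed example
Host bastion.example.com
    ForwardAgent yes

Host *.lab.example.com !db.lab.example.com
    ForwardAgent=yes

Host build.example.com
    ForwardAgent no

Host *
    ForwardAgent yes
    ServerAliveInterval 30
"""

# ssh_config accepts both "Keyword value" and "Keyword=value".
_OPTION = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")


def parse_blocks(text):
    """Return [(patterns, options)] in file order.

    Options that appear before any Host line apply to every host, so they are
    stored under the pattern "*". A Match block is stored with patterns=None
    because its criteria are not evaluated in this simplified audit.
    """
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPTION.match(line)
        if not m:
            continue
        key, args = m.group(1).lower(), shlex.split(m.group(2))
        if key == "host":
            blocks.append(([a.lower() for a in args], {}))
        elif key == "match":
            blocks.append((None, {}))
        elif args:
            # The first value obtained for a keyword wins, also within a block.
            blocks[-1][1].setdefault(key, args[0])
    return blocks


def _glob(pattern, host):
    """ssh_config patterns support only '*' and '?' wildcards."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, host) is not None


def block_applies(patterns, host):
    """A Host line applies if a positive pattern matches and no negated one does."""
    if patterns is None:
        return False
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if _glob(p[1:], host):
                return False
        elif _glob(p, host):
            positive = True
    return positive


def effective_forward_agent(text, host):
    """Resolve ForwardAgent for the host name as typed on the ssh command line."""
    host = host.lower()
    for patterns, options in parse_blocks(text):
        if block_applies(patterns, host) and "forwardagent" in options:
            return options["forwardagent"]
    return "no"  # OpenSSH default when the option is never set


def wildcard_forwarding(text):
    """List Host lines that enable forwarding for a wildcard set of hosts."""
    findings = []
    for patterns, options in parse_blocks(text):
        if patterns is None:
            continue
        value = options.get("forwardagent", "no").lower()
        broad = any(not p.startswith("!") and ("*" in p or "?" in p)
                    for p in patterns)
        if broad and value != "no":
            findings.append(" ".join(patterns))
    return findings


if __name__ == "__main__":
    for name in ("build.example.com", "db.lab.example.com", "other.example.net"):
        print(name, "->", effective_forward_agent(SAMPLE_CONFIG, name))
    print("wildcard forwarding:", wildcard_forwarding(SAMPLE_CONFIG))
```

Running `ssh -G <host>` on the client prints the value OpenSSH itself resolves, including Match and Include handling, and is the authoritative check.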

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2224173 - CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

openssh-8.7p1-11.el9_0.src.rpm

SHA-256: 7e0d9bd0a2d5bf78efa25b9eff41c99979689fcda41fe35e027d40f847f2f9f4

Related news

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

Red Hat Security Advisory 2023-5029-01

Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

RHSA-2023:4972: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...

Red Hat Security Advisory 2023-4889-01

Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.

RHSA-2023:4889: Red Hat Security Advisory: DevWorkspace Operator 0.22 release

Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-...

Red Hat Security Advisory 2023-4875-01

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

CVE-2023-40371: Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

Red Hat Security Advisory 2023-4654-01

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:4650: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes

Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...

Red Hat Security Advisory 2023-4575-01

Red Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

RHSA-2023:4456: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4419-01

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

RHSA-2023:4428: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an a...

Ubuntu Security Notice USN-6242-2

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

RHSA-2023:4382: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the...

RHSA-2023:4384: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarde...

RHSA-2023:4383: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw al...

RHSA-2023:4381: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an ...

Red Hat Security Advisory 2023-4329-01

Red Hat Security Advisory 2023-4329-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-6242-1

Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

OpenSSH Forwarded SSH-Agent Remote Code Execution

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

CVE-2023-38408: Disallow remote addition of FIDO/PKCS11 provider libraries to · openbsd/src@7bc29a9

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.