ALSA-2024:3166

[ALSA-2024:3166] Moderate: openssh security update

Type:

security

Severity:

moderate

Release date:

2024-05-29

Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: scp allows command injection when using backtick characters in the destination argument (CVE-2020-15778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	pam_ssh_agent_auth-0.10.3-7.24.el8.aarch64.rpm	22f063753a4d10bf82ef080534d3c0dde9a35097f741fdf683b2569075318e6f
aarch64	openssh-keycat-8.0p1-24.el8.aarch64.rpm	3ab7545c99edfd61c193d24713530beb33ce133d244b85e80469b1cbed4a0442
aarch64	openssh-ldap-8.0p1-24.el8.aarch64.rpm	4b1a3305eff45a689265f83e58bd92bb42497b98242f2240f209bd97c82a2eb3
aarch64	openssh-clients-8.0p1-24.el8.aarch64.rpm	4fdc06b06f3e98310168bb432a2e0c36627166be761cb12610f412223b3c49c1
aarch64	openssh-8.0p1-24.el8.aarch64.rpm	51538508f8ff015e35d59dae991d0adf7782787bab734f095f5c8cadc7aa7df7
aarch64	openssh-cavs-8.0p1-24.el8.aarch64.rpm	5c103645eee13a1601a7b547c5b206954b38f69acc0b95f09cec53ee7c122813
aarch64	openssh-server-8.0p1-24.el8.aarch64.rpm	640b95f159f9743e96f471c575738adbb8a85ddda167afe1aa49d14896e4dae1
aarch64	openssh-askpass-8.0p1-24.el8.aarch64.rpm	cb3cffc4b5e4e7be6fc9eb772153063148df76cebc5292b20357a15df4652701
ppc64le	openssh-8.0p1-24.el8.ppc64le.rpm	1f8ef8a4eb67ce6b8fac73d3898ea24ab1ac69b9f2dd7b663e23d3a10f2ae559
ppc64le	openssh-cavs-8.0p1-24.el8.ppc64le.rpm	26e83d958ced57a4b2ddb9bd37da0b9bf3fb80cdd426e0400fbdf7445faa2a1b
ppc64le	openssh-keycat-8.0p1-24.el8.ppc64le.rpm	478042b7f671e17922d25f929b2d1c1e5b592c1055d6003a1bca6d00cba59294
ppc64le	openssh-clients-8.0p1-24.el8.ppc64le.rpm	48d0c622275679f495e9751119185ea39b5940ccccd8a9ad8ca3d40a967a90b4
ppc64le	pam_ssh_agent_auth-0.10.3-7.24.el8.ppc64le.rpm	5dec1ed5f2c15a68a70f9e1f7a149feb672aa0d6cb583dcea1151dcd7db2370c
ppc64le	openssh-askpass-8.0p1-24.el8.ppc64le.rpm	729989e57d56de0a208bf247d8489d151a85dbe711f0ec983257eab5e6376099
ppc64le	openssh-server-8.0p1-24.el8.ppc64le.rpm	73a9afbcd18033110eb4443ac968036e1ed3a0aef2dea9e042cf4f37d1f4f3f7
ppc64le	openssh-ldap-8.0p1-24.el8.ppc64le.rpm	9299ee6f780eb7e4512c6f872c85db8437b2752280006c1d06a5a27eba3c6833
s390x	openssh-cavs-8.0p1-24.el8.s390x.rpm	024fa83cba3d222a37106b2fd50e82712008cc027597b7b74730c922f37c5613
s390x	openssh-askpass-8.0p1-24.el8.s390x.rpm	25bfbecfecad0ea7f1c1eb0d2a09bc85f482a2fb78ef8f1b4c071d43f32b7794
s390x	openssh-ldap-8.0p1-24.el8.s390x.rpm	3f6ff448b9f3dd29bf9516fb0df635087ccf9052da867142f03d1ff17a6671a4
s390x	openssh-keycat-8.0p1-24.el8.s390x.rpm	a792da7586ec7927a0569fe74da95ca46307397459e1b1fba4d4b5a7348eacca
s390x	openssh-8.0p1-24.el8.s390x.rpm	aa3e1e20a331d1bae953df8abef1066574f4a1a4b3f6c1e51ed3571146a37ad3
s390x	openssh-clients-8.0p1-24.el8.s390x.rpm	bb948af0d5c1cd251de88e748d8598ad87342c75d2edcb159a32ce68911acfd0
s390x	pam_ssh_agent_auth-0.10.3-7.24.el8.s390x.rpm	d00c83c6c0dbe826ca88d5943787e0de783f052cbb871f38cfea27a8fa6fb20e
s390x	openssh-server-8.0p1-24.el8.s390x.rpm	d7d3dc92cf31dd77829679eb3a8c68344a6a8bad7e280f5bb976a979500c6b8d
x86_64	openssh-keycat-8.0p1-24.el8.x86_64.rpm	20a1161bf6488598cfbbd712b4d127cfddeb7f62f26b89c2fc63113e41e4d3df
x86_64	openssh-ldap-8.0p1-24.el8.x86_64.rpm	28bb286d4fcea3733983274aee365c0588d65f9e411a936f585a96607733d54e
x86_64	openssh-cavs-8.0p1-24.el8.x86_64.rpm	50c732505dea16d9866db3b43a910e1e00b86b2304f0953492152f257e772e4e
x86_64	openssh-server-8.0p1-24.el8.x86_64.rpm	5a9592e8c96984379f024d4dc7bd936a20faaf1b2b3d474cf15e86f38f9d6cad
x86_64	pam_ssh_agent_auth-0.10.3-7.24.el8.x86_64.rpm	8d8b5852b936bf99f42e8b484355d78c9bc64b69996e50564a624d206c357af3
x86_64	openssh-askpass-8.0p1-24.el8.x86_64.rpm	b55744a12675009f6b3af236df33f032ab0485dddc11541f838227007fd27d80
x86_64	openssh-clients-8.0p1-24.el8.x86_64.rpm	bef14efb572632adf84025809ddcbe68c130b18f016f25734e6f4daf9f5bf95f
x86_64	openssh-8.0p1-24.el8.x86_64.rpm	c4258693686b219b519615b04c986ea43056b3f722a32679ca8854726e7295c5

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.