ALSA-2024:1130

[ALSA-2024:1130] Moderate: openssh security update

Type:

security

Severity:

moderate

Release date:

2024-03-06

Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* openssh: potential command injection via shell metacharacters (CVE-2023-51385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	openssh-clients-8.7p1-34.el9_3.3.aarch64.rpm	076069718b5c93c80dbc6f5a5a398d572d945dd9825bc0ccb36d720b06c1f13f
aarch64	openssh-keycat-8.7p1-34.el9_3.3.aarch64.rpm	10ee845b6e92f46132a062d8ede1e3c5c2430be7d1fec9b292a41d6846bc4f84
aarch64	pam_ssh_agent_auth-0.10.4-5.34.el9_3.3.aarch64.rpm	55a1376202baa545e842723996debfcd5b7018a9e393b2ff554eedcaaefe91dd
aarch64	openssh-server-8.7p1-34.el9_3.3.aarch64.rpm	6b244f5a5c338ba9b61984616a731af293af952fb44ff640330c0b02c2341970
aarch64	openssh-8.7p1-34.el9_3.3.aarch64.rpm	7b502545f5d268457ee7c3485f1b416aa57d2ede3a7041b3d5dd203b2ec25f3e
aarch64	openssh-askpass-8.7p1-34.el9_3.3.aarch64.rpm	d2653072fc31045a264361365bd16c14f1783b79148cc43d914dac92cfafcb9d
ppc64le	pam_ssh_agent_auth-0.10.4-5.34.el9_3.3.ppc64le.rpm	67f5600059d6fddeb731fb3b319b8775385cbd69b01a13d25e0537ef86b685b3
ppc64le	openssh-8.7p1-34.el9_3.3.ppc64le.rpm	902b948e6e0767f19f2ec7ff026089779f0921f819366ca510114515f3b0441e
ppc64le	openssh-server-8.7p1-34.el9_3.3.ppc64le.rpm	9ea482b9b7d677f0f7a4f89ea7358e4885e60d9e9636059adcc32e5b55998727
ppc64le	openssh-askpass-8.7p1-34.el9_3.3.ppc64le.rpm	acc55442e91c9c33ad7cccb42adbccbc7e25e68ca3079e036da01efdb23fe8c3
ppc64le	openssh-keycat-8.7p1-34.el9_3.3.ppc64le.rpm	e46afa348cd158c500081d395af0025268a86292fc64d1c66bf5e627f01c60fd
ppc64le	openssh-clients-8.7p1-34.el9_3.3.ppc64le.rpm	fc51cb3fba2522f239cb981e5f1c36bb2a07d29d53abab02e4a9617cc0be7bbb
s390x	openssh-8.7p1-34.el9_3.3.s390x.rpm	0ef492c5c53fd447caec754270b78cfdb9d0dcba92b8d1de2336e84e0177671a
s390x	openssh-askpass-8.7p1-34.el9_3.3.s390x.rpm	165f7b5fa61b942d2f8978dd713262c9610e630b5d020d68ad447edda35c483a
s390x	openssh-server-8.7p1-34.el9_3.3.s390x.rpm	2506b352b210e6024ea7ee9ca86423d0497503ae8167ee067f75bb6dfaf328c0
s390x	pam_ssh_agent_auth-0.10.4-5.34.el9_3.3.s390x.rpm	2e4b1441df878acba9ab856c0e6c9191c196d88a149bcac7a3156b7fa1fc5d7f
s390x	openssh-clients-8.7p1-34.el9_3.3.s390x.rpm	61cf3050af84030fb51b37cd4f483ff02505e601bf419647f3f20f3f55eda256
s390x	openssh-keycat-8.7p1-34.el9_3.3.s390x.rpm	f486abf0bb67dd970b64c7eb2ba346c2f92ff5a3c1239d88a10a2b974afce107
x86_64	openssh-keycat-8.7p1-34.el9_3.3.x86_64.rpm	2f8eedefb87df5aa5eb3691bf4b1359dfa9b58ebd5c279ede801522fe61c9bd5
x86_64	openssh-8.7p1-34.el9_3.3.x86_64.rpm	611051064151ab8f367d547ddbae77b46ad034b31b8f6e818dfb307c3b143207
x86_64	openssh-clients-8.7p1-34.el9_3.3.x86_64.rpm	71df6f5e24a62425f4d520ed94eb95c21402e586ffd7c064ddc8f04faa5c80ab
x86_64	openssh-askpass-8.7p1-34.el9_3.3.x86_64.rpm	92026b9a2509564cf676048474def6fb1884663eb0c9c0c2cc80c73a075437f6
x86_64	openssh-server-8.7p1-34.el9_3.3.x86_64.rpm	965c4d263a913f3bb8fac33f2ddbfc56243a452ed79962ccb02e95e02a8ed8db
x86_64	pam_ssh_agent_auth-0.10.4-5.34.el9_3.3.x86_64.rpm	f60cab5a98e39135da2e02bc22edadfaab4a38020572c2b0d7fb3711da6924d1

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.