1. Home
  2. Security Advisories
  3. AlmaLinux OS
  4. ALSA-2024:1130

[ALSA-2024:1130] openssh security update

Severity Moderate
Affected Packages 12
CVEs 2
Info Packages References Vulnerabilities

openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
  • openssh: potential command injection via shell metacharacters (CVE-2023-51385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package Affected Version
pkg:rpm/almalinux/pam_ssh_agent_auth?arch=x86_64&distro=almalinux-9.3 < 0.10.4-5.34.el9_3.3
pkg:rpm/almalinux/pam_ssh_agent_auth?arch=aarch64&distro=almalinux-9.3 < 0.10.4-5.34.el9_3.3
pkg:rpm/almalinux/openssh?arch=x86_64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh?arch=aarch64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh-server?arch=x86_64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh-server?arch=aarch64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh-keycat?arch=x86_64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh-keycat?arch=aarch64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh-clients?arch=x86_64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh-clients?arch=aarch64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh-askpass?arch=x86_64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
pkg:rpm/almalinux/openssh-askpass?arch=aarch64&distro=almalinux-9.3 < 8.7p1-34.el9_3.3
ID
ALSA-2024:1130
Severity
moderate
URL
https://errata.almalinux.org/ALSA-2024:1130.html
Published
2024-03-05T00:00:00
(6 months ago)
Modified
2024-03-06T15:16:34
(6 months ago)
Rights
Copyright 2024 AlmaLinux OS
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/almalinux/pam_ssh_agent_auth?arch=x86_64&distro=almalinux-9.3 almalinux pam_ssh_agent_auth < 0.10.4-5.34.el9_3.3 almalinux-9.3 x86_64
Affected pkg:rpm/almalinux/pam_ssh_agent_auth?arch=aarch64&distro=almalinux-9.3 almalinux pam_ssh_agent_auth < 0.10.4-5.34.el9_3.3 almalinux-9.3 aarch64
Affected pkg:rpm/almalinux/openssh?arch=x86_64&distro=almalinux-9.3 almalinux openssh < 8.7p1-34.el9_3.3 almalinux-9.3 x86_64
Affected pkg:rpm/almalinux/openssh?arch=aarch64&distro=almalinux-9.3 almalinux openssh < 8.7p1-34.el9_3.3 almalinux-9.3 aarch64
Affected pkg:rpm/almalinux/openssh-server?arch=x86_64&distro=almalinux-9.3 almalinux openssh-server < 8.7p1-34.el9_3.3 almalinux-9.3 x86_64
Affected pkg:rpm/almalinux/openssh-server?arch=aarch64&distro=almalinux-9.3 almalinux openssh-server < 8.7p1-34.el9_3.3 almalinux-9.3 aarch64
Affected pkg:rpm/almalinux/openssh-keycat?arch=x86_64&distro=almalinux-9.3 almalinux openssh-keycat < 8.7p1-34.el9_3.3 almalinux-9.3 x86_64
Affected pkg:rpm/almalinux/openssh-keycat?arch=aarch64&distro=almalinux-9.3 almalinux openssh-keycat < 8.7p1-34.el9_3.3 almalinux-9.3 aarch64
Affected pkg:rpm/almalinux/openssh-clients?arch=x86_64&distro=almalinux-9.3 almalinux openssh-clients < 8.7p1-34.el9_3.3 almalinux-9.3 x86_64
Affected pkg:rpm/almalinux/openssh-clients?arch=aarch64&distro=almalinux-9.3 almalinux openssh-clients < 8.7p1-34.el9_3.3 almalinux-9.3 aarch64
Affected pkg:rpm/almalinux/openssh-askpass?arch=x86_64&distro=almalinux-9.3 almalinux openssh-askpass < 8.7p1-34.el9_3.3 almalinux-9.3 x86_64
Affected pkg:rpm/almalinux/openssh-askpass?arch=aarch64&distro=almalinux-9.3 almalinux openssh-askpass < 8.7p1-34.el9_3.3 almalinux-9.3 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date