[ALAS-2023-1898] Amazon Linux AMI 2014.03 - ALAS-2023-1898: medium priority package update for openssh
Severity
Medium
Affected Packages
16
CVEs
1
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2023-48795:
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update to the latest version of SSH.
- ID
- ALAS-2023-1898
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2023-1898.html
- Published
-
2023-12-18T09:20:00
(9 months ago) - Modified
-
2023-12-19T14:20:00
(9 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS2-2023-2376
- ALPINE:CVE-2023-48795
- ALSA-2024:0606
- ALSA-2024:0628
- ALSA-2024:1130
- ALSA-2024:1150
- DSA-5586-1
- DSA-5588-1
- DSA-5591-1
- DSA-5599-1
- DSA-5600-1
- DSA-5601-1
- DSA-5750-1
- ELSA-2024-0606
- ELSA-2024-0628
- ELSA-2024-1130
- ELSA-2024-1150
- ELSA-2024-12157
- ELSA-2024-12158
- ELSA-2024-12164
- ELSA-2024-12232
- ELSA-2024-12233
- ELSA-2024-2988
- FEDORA-2023-0733306be9
- FEDORA-2023-153404713b
- FEDORA-2023-20feb865d8
- FEDORA-2023-55800423a8
- FEDORA-2023-b87ec6cf47
- FEDORA-2023-cb8c606fbb
- FEDORA-2023-e77300e4b5
- FEDORA-2024-06ebb70bdd
- FEDORA-2024-2705241461
- FEDORA-2024-37627e432e
- FEDORA-2024-39a8c72ea9
- FEDORA-2024-3bb23c77f3
- FEDORA-2024-3fd1bc9276
- FEDORA-2024-71c2c6526c
- FEDORA-2024-7b08207cdb
- FEDORA-2024-7e301327c2
- FEDORA-2024-a53b24023d
- FEDORA-2024-ae653fb07b
- FEDORA-2024-d946b9ad25
- FEDORA-2024-fb32950d11
- FREEBSD:0F7598CC-9FE2-11EE-B47F-901B0E9408DC
- FREEBSD:13D83980-9F18-11EE-8E38-002590C1F29C
- FREEBSD:4EBDD56B-FE72-11EE-BC57-00E081B7AA2D
- FREEBSD:91955195-9EBB-11EE-BC14-A703705DB3A6
- FREEBSD:B5E22EC5-BC4B-11EE-B0B5-B42E991FC52E
- GLSA-202312-16
- GLSA-202312-17
- GLSA-202407-11
- GLSA-202407-12
- GO-2023-2402
- JENKINS:SECURITY-3333
- JENKINS:SECURITY-3386
- openSUSE-SU-2023:0411-1
- openSUSE-SU-2023:0421-1
- openSUSE-SU-2024:0005-1
- openSUSE-SU-2024:0008-1
- openSUSE-SU-2024:0036-1
- RHBA-2024:1127
- RHBA-2024:1136
- RHSA-2024:0606
- RHSA-2024:0628
- RHSA-2024:1130
- RHSA-2024:1150
- RHSA-2024:2988
- RLSA-2024:0606
- RLSA-2024:0628
- SSA:2023-353-01
- SSA:2023-354-01
- SUSE-SU-2023:4902-1
- SUSE-SU-2023:4903-1
- SUSE-SU-2023:4904-1
- SUSE-SU-2023:4905-1
- SUSE-SU-2023:4946-1
- SUSE-SU-2024:0006-1
- SUSE-SU-2024:0035-1
- SUSE-SU-2024:0140-1
- SUSE-SU-2024:0210-1
- SUSE-SU-2024:0224-1
- SUSE-SU-2024:0327-1
- SUSE-SU-2024:0430-1
- SUSE-SU-2024:0460-1
- SUSE-SU-2024:0525-1
- SUSE-SU-2024:0539-1
- SUSE-SU-2024:0543-1
- SUSE-SU-2024:0558-1
- SUSE-SU-2024:0972-1
- SUSE-SU-2024:0974-1
- USN-6560-1
- USN-6560-2
- USN-6561-1
- USN-6585-1
- USN-6589-1
- USN-6598-1
- USN-6738-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2023-48795 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/pam_ssh_agent_auth?arch=x86_64&distro=amazonlinux-1 | amazonlinux | pam_ssh_agent_auth | < 0.10.3-2.22.81.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/pam_ssh_agent_auth?arch=i686&distro=amazonlinux-1 | amazonlinux | pam_ssh_agent_auth | < 0.10.3-2.22.81.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/openssh?arch=x86_64&distro=amazonlinux-1 | amazonlinux | openssh | < 7.4p1-22.81.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/openssh?arch=i686&distro=amazonlinux-1 | amazonlinux | openssh | < 7.4p1-22.81.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/openssh-server?arch=x86_64&distro=amazonlinux-1 | amazonlinux | openssh-server | < 7.4p1-22.81.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/openssh-server?arch=i686&distro=amazonlinux-1 | amazonlinux | openssh-server | < 7.4p1-22.81.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/openssh-ldap?arch=x86_64&distro=amazonlinux-1 | amazonlinux | openssh-ldap | < 7.4p1-22.81.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/openssh-ldap?arch=i686&distro=amazonlinux-1 | amazonlinux | openssh-ldap | < 7.4p1-22.81.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/openssh-keycat?arch=x86_64&distro=amazonlinux-1 | amazonlinux | openssh-keycat | < 7.4p1-22.81.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/openssh-keycat?arch=i686&distro=amazonlinux-1 | amazonlinux | openssh-keycat | < 7.4p1-22.81.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/openssh-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | openssh-debuginfo | < 7.4p1-22.81.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/openssh-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | openssh-debuginfo | < 7.4p1-22.81.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/openssh-clients?arch=x86_64&distro=amazonlinux-1 | amazonlinux | openssh-clients | < 7.4p1-22.81.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/openssh-clients?arch=i686&distro=amazonlinux-1 | amazonlinux | openssh-clients | < 7.4p1-22.81.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/openssh-cavs?arch=x86_64&distro=amazonlinux-1 | amazonlinux | openssh-cavs | < 7.4p1-22.81.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/openssh-cavs?arch=i686&distro=amazonlinux-1 | amazonlinux | openssh-cavs | < 7.4p1-22.81.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |