[ALAS-2023-1898] Amazon Linux AMI 2014.03 - ALAS-2023-1898: medium priority package update for openssh

Severity Medium

Affected Packages 16

CVEs 1

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2023-48795:
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update to the latest version of SSH.

Package	Affected Version
pkg:rpm/amazonlinux/pam_ssh_agent_auth?arch=x86_64&distro=amazonlinux-1	< 0.10.3-2.22.81.amzn1
pkg:rpm/amazonlinux/pam_ssh_agent_auth?arch=i686&distro=amazonlinux-1	< 0.10.3-2.22.81.amzn1
pkg:rpm/amazonlinux/openssh?arch=x86_64&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh?arch=i686&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-server?arch=x86_64&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-server?arch=i686&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-ldap?arch=x86_64&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-ldap?arch=i686&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-keycat?arch=x86_64&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-keycat?arch=i686&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-debuginfo?arch=x86_64&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-debuginfo?arch=i686&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-clients?arch=x86_64&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-clients?arch=i686&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-cavs?arch=x86_64&distro=amazonlinux-1	< 7.4p1-22.81.amzn1
pkg:rpm/amazonlinux/openssh-cavs?arch=i686&distro=amazonlinux-1	< 7.4p1-22.81.amzn1

ID

ALAS-2023-1898

Severity

medium

URL

https://alas.aws.amazon.com/ALAS-2023-1898.html

Published

2023-12-18T09:20:00
(9 months ago)

Modified

2023-12-19T14:20:00
(9 months ago)

Rights

Amazon Linux Security Team

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2023-48795		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/amazonlinux/pam_ssh_agent_auth?arch=x86_64&distro=amazonlinux-1	amazonlinux	pam_ssh_agent_auth	< 0.10.3-2.22.81.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/pam_ssh_agent_auth?arch=i686&distro=amazonlinux-1	amazonlinux	pam_ssh_agent_auth	< 0.10.3-2.22.81.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/openssh?arch=x86_64&distro=amazonlinux-1	amazonlinux	openssh	< 7.4p1-22.81.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/openssh?arch=i686&distro=amazonlinux-1	amazonlinux	openssh	< 7.4p1-22.81.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/openssh-server?arch=x86_64&distro=amazonlinux-1	amazonlinux	openssh-server	< 7.4p1-22.81.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/openssh-server?arch=i686&distro=amazonlinux-1	amazonlinux	openssh-server	< 7.4p1-22.81.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/openssh-ldap?arch=x86_64&distro=amazonlinux-1	amazonlinux	openssh-ldap	< 7.4p1-22.81.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/openssh-ldap?arch=i686&distro=amazonlinux-1	amazonlinux	openssh-ldap	< 7.4p1-22.81.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/openssh-keycat?arch=x86_64&distro=amazonlinux-1	amazonlinux	openssh-keycat	< 7.4p1-22.81.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/openssh-keycat?arch=i686&distro=amazonlinux-1	amazonlinux	openssh-keycat	< 7.4p1-22.81.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/openssh-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	openssh-debuginfo	< 7.4p1-22.81.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/openssh-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	openssh-debuginfo	< 7.4p1-22.81.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/openssh-clients?arch=x86_64&distro=amazonlinux-1	amazonlinux	openssh-clients	< 7.4p1-22.81.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/openssh-clients?arch=i686&distro=amazonlinux-1	amazonlinux	openssh-clients	< 7.4p1-22.81.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/openssh-cavs?arch=x86_64&distro=amazonlinux-1	amazonlinux	openssh-cavs	< 7.4p1-22.81.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/openssh-cavs?arch=i686&distro=amazonlinux-1	amazonlinux	openssh-cavs	< 7.4p1-22.81.amzn1	amazonlinux-1	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date