[ELSA-2024-0606] openssh security update

Severity Moderate

Affected Packages 8

CVEs 2

[8.0p1-19.2]
- Forbid shell metasymbols in username/hostname
Resolves: CVE-2023-51385
- Fix Terrapin attack
Resolves: CVE-2023-48795

Package	Affected Version
pkg:rpm/oraclelinux/pam_ssh_agent_auth?distro=oraclelinux-8.9	< 0.10.3-7.19.el8_9.2
pkg:rpm/oraclelinux/openssh?distro=oraclelinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/oraclelinux/openssh-server?distro=oraclelinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/oraclelinux/openssh-ldap?distro=oraclelinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/oraclelinux/openssh-keycat?distro=oraclelinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/oraclelinux/openssh-clients?distro=oraclelinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/oraclelinux/openssh-cavs?distro=oraclelinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/oraclelinux/openssh-askpass?distro=oraclelinux-8.9	< 8.0p1-19.el8_9.2

ID

ELSA-2024-0606

Severity

moderate

URL

https://linux.oracle.com/errata/ELSA-2024-0606.html

Published

2024-02-01T00:00:00
(7 months ago)

Modified

2024-02-01T00:00:00
(7 months ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2024-0606	https://linux.oracle.com/errata/ELSA-2024-0606.html
CVE	CVE-2023-51385	https://linux.oracle.com/cve/CVE-2023-51385.html
CVE	CVE-2023-48795	https://linux.oracle.com/cve/CVE-2023-48795.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/pam_ssh_agent_auth?distro=oraclelinux-8.9	oraclelinux	pam_ssh_agent_auth	< 0.10.3-7.19.el8_9.2	oraclelinux-8.9
Affected	pkg:rpm/oraclelinux/openssh?distro=oraclelinux-8.9	oraclelinux	openssh	< 8.0p1-19.el8_9.2	oraclelinux-8.9
Affected	pkg:rpm/oraclelinux/openssh-server?distro=oraclelinux-8.9	oraclelinux	openssh-server	< 8.0p1-19.el8_9.2	oraclelinux-8.9
Affected	pkg:rpm/oraclelinux/openssh-ldap?distro=oraclelinux-8.9	oraclelinux	openssh-ldap	< 8.0p1-19.el8_9.2	oraclelinux-8.9
Affected	pkg:rpm/oraclelinux/openssh-keycat?distro=oraclelinux-8.9	oraclelinux	openssh-keycat	< 8.0p1-19.el8_9.2	oraclelinux-8.9
Affected	pkg:rpm/oraclelinux/openssh-clients?distro=oraclelinux-8.9	oraclelinux	openssh-clients	< 8.0p1-19.el8_9.2	oraclelinux-8.9
Affected	pkg:rpm/oraclelinux/openssh-cavs?distro=oraclelinux-8.9	oraclelinux	openssh-cavs	< 8.0p1-19.el8_9.2	oraclelinux-8.9
Affected	pkg:rpm/oraclelinux/openssh-askpass?distro=oraclelinux-8.9	oraclelinux	openssh-askpass	< 8.0p1-19.el8_9.2	oraclelinux-8.9

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date