[ELSA-2024-12157] openssh security update

Severity Moderate

Affected Packages 9

CVEs 1

[7.4p1-23.0.3]
- add KEX_INITIAL flag [Orabug: 36160445]
- implement 'strict key exchange' [CVE-2023-48795][Orabug: 36160445]

Package	Affected Version
pkg:rpm/oraclelinux/pam_ssh_agent_auth?distro=oraclelinux-7.9	< 0.10.3-2.23.0.3.el7_9
pkg:rpm/oraclelinux/openssh?distro=oraclelinux-7.9	< 7.4p1-23.0.3.el7_9
pkg:rpm/oraclelinux/openssh-server?distro=oraclelinux-7.9	< 7.4p1-23.0.3.el7_9
pkg:rpm/oraclelinux/openssh-server-sysvinit?distro=oraclelinux-7.9	< 7.4p1-23.0.3.el7_9
pkg:rpm/oraclelinux/openssh-ldap?distro=oraclelinux-7.9	< 7.4p1-23.0.3.el7_9
pkg:rpm/oraclelinux/openssh-keycat?distro=oraclelinux-7.9	< 7.4p1-23.0.3.el7_9
pkg:rpm/oraclelinux/openssh-clients?distro=oraclelinux-7.9	< 7.4p1-23.0.3.el7_9
pkg:rpm/oraclelinux/openssh-cavs?distro=oraclelinux-7.9	< 7.4p1-23.0.3.el7_9
pkg:rpm/oraclelinux/openssh-askpass?distro=oraclelinux-7.9	< 7.4p1-23.0.3.el7_9

ID

ELSA-2024-12157

Severity

moderate

URL

https://linux.oracle.com/errata/ELSA-2024-12157.html

Published

2024-02-13T00:00:00
(7 months ago)

Modified

2024-02-13T00:00:00
(7 months ago)

Rights

Other Advisories

Source	# ID	Name	URL
elsa	ELSA-2024-12157		https://linux.oracle.com/errata/ELSA-2024-12157.html
CVE	CVE-2023-48795		https://linux.oracle.com/cve/CVE-2023-48795.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/pam_ssh_agent_auth?distro=oraclelinux-7.9	oraclelinux	pam_ssh_agent_auth	< 0.10.3-2.23.0.3.el7_9	oraclelinux-7.9
Affected	pkg:rpm/oraclelinux/openssh?distro=oraclelinux-7.9	oraclelinux	openssh	< 7.4p1-23.0.3.el7_9	oraclelinux-7.9
Affected	pkg:rpm/oraclelinux/openssh-server?distro=oraclelinux-7.9	oraclelinux	openssh-server	< 7.4p1-23.0.3.el7_9	oraclelinux-7.9
Affected	pkg:rpm/oraclelinux/openssh-server-sysvinit?distro=oraclelinux-7.9	oraclelinux	openssh-server-sysvinit	< 7.4p1-23.0.3.el7_9	oraclelinux-7.9
Affected	pkg:rpm/oraclelinux/openssh-ldap?distro=oraclelinux-7.9	oraclelinux	openssh-ldap	< 7.4p1-23.0.3.el7_9	oraclelinux-7.9
Affected	pkg:rpm/oraclelinux/openssh-keycat?distro=oraclelinux-7.9	oraclelinux	openssh-keycat	< 7.4p1-23.0.3.el7_9	oraclelinux-7.9
Affected	pkg:rpm/oraclelinux/openssh-clients?distro=oraclelinux-7.9	oraclelinux	openssh-clients	< 7.4p1-23.0.3.el7_9	oraclelinux-7.9
Affected	pkg:rpm/oraclelinux/openssh-cavs?distro=oraclelinux-7.9	oraclelinux	openssh-cavs	< 7.4p1-23.0.3.el7_9	oraclelinux-7.9
Affected	pkg:rpm/oraclelinux/openssh-askpass?distro=oraclelinux-7.9	oraclelinux	openssh-askpass	< 7.4p1-23.0.3.el7_9	oraclelinux-7.9

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date