[RLSA-2024:0606] openssh security update

Severity Moderate

Affected Packages 8

CVEs 2

An update is available for openssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
openssh: potential command injection via shell metacharacters (CVE-2023-51385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/rockylinux/pam_ssh_agent_auth?arch=aarch64&distro=rockylinux-8.9	< 0.10.3-7.19.el8_9.2
pkg:rpm/rockylinux/openssh?arch=aarch64&distro=rockylinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/rockylinux/openssh-server?arch=aarch64&distro=rockylinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/rockylinux/openssh-ldap?arch=aarch64&distro=rockylinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/rockylinux/openssh-keycat?arch=aarch64&distro=rockylinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/rockylinux/openssh-clients?arch=aarch64&distro=rockylinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/rockylinux/openssh-cavs?arch=aarch64&distro=rockylinux-8.9	< 8.0p1-19.el8_9.2
pkg:rpm/rockylinux/openssh-askpass?arch=aarch64&distro=rockylinux-8.9	< 8.0p1-19.el8_9.2

ID

RLSA-2024:0606

Severity

moderate

URL

https://errata.rockylinux.org/RLSA-2024:0606

Published

2024-02-12T20:17:16
(7 months ago)

Modified

2024-02-12T20:19:02
(7 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2023-48795	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
CVE	CVE-2023-51385	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
Bugzilla	2254210	https://bugzilla.redhat.com/show_bug.cgi?id=2254210
Bugzilla	2255271	https://bugzilla.redhat.com/show_bug.cgi?id=2255271
Self	RLSA-2024:0606	https://errata.rockylinux.org/RLSA-2024:0606

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/pam_ssh_agent_auth?arch=aarch64&distro=rockylinux-8.9	rockylinux	pam_ssh_agent_auth	< 0.10.3-7.19.el8_9.2	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/openssh?arch=aarch64&distro=rockylinux-8.9	rockylinux	openssh	< 8.0p1-19.el8_9.2	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/openssh-server?arch=aarch64&distro=rockylinux-8.9	rockylinux	openssh-server	< 8.0p1-19.el8_9.2	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/openssh-ldap?arch=aarch64&distro=rockylinux-8.9	rockylinux	openssh-ldap	< 8.0p1-19.el8_9.2	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/openssh-keycat?arch=aarch64&distro=rockylinux-8.9	rockylinux	openssh-keycat	< 8.0p1-19.el8_9.2	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/openssh-clients?arch=aarch64&distro=rockylinux-8.9	rockylinux	openssh-clients	< 8.0p1-19.el8_9.2	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/openssh-cavs?arch=aarch64&distro=rockylinux-8.9	rockylinux	openssh-cavs	< 8.0p1-19.el8_9.2	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/openssh-askpass?arch=aarch64&distro=rockylinux-8.9	rockylinux	openssh-askpass	< 8.0p1-19.el8_9.2	rockylinux-8.9	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date