Lucene search
UbuntuUSN-6560-1HistoryDec 19, 2023 - 12:00 a.m.
OpenSSH vulnerabilities
2023-12-1900:00:00
ubuntu.com
68
openssh
ubuntu
vulnerabilities
terrapin attack
extension negotiation
cve-2023-48795
smartcard keys
cve-2023-28531
Releases
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- openssh - secure shell (SSH) for secure access to remote machines
Details
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue. (CVE-2023-48795)
Luci Stanescu discovered that OpenSSH incorrectly added destination
constraints when smartcard keys were added to ssh-agent, contrary to
expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-28531)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | openssh-client | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openssh-client-dbgsym | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openssh-server | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openssh-server-dbgsym | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openssh-sftp-server | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openssh-sftp-server-dbgsym | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openssh-tests | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openssh-tests-dbgsym | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ssh | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ssh-askpass-gnome | < 1:9.3p1-1ubuntu3.1 | UNKNOWN |
Related
cloudfoundry
cloudfoundry
USN-6560-1: OpenSSH vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
USN-6561-1: libssh vulnerability | Cloud Foundry
2024-04-04 00:00:00
osv
osv
openssh vulnerabilities
2023-12-19 13:02:10
CVE-2023-28531
2023-03-17 04:15:14
python-asyncssh - security update
2024-02-01 00:00:00
nessus
nessus
openvas
openvas
Ubuntu: Security Advisory (USN-6560-1)
2023-12-20 00:00:00
Fedora: Security Advisory for openssh (FEDORA-2024-2aac54ebb7)
2024-02-12 00:00:00
OpenBSD OpenSSH 8.9 - 9.2 Unspecified Vulnerability
2023-03-16 00:00:00
cvelist
cvelist
CVE-2023-28531
2023-03-17 00:00:00
CVE-2023-48795
2023-12-18 00:00:00
veracode
veracode
Privilege Escalation
2023-06-07 06:26:47
Rogue Session Attack (Terrapin)
2023-12-19 06:46:15
Prefix Truncation Attack (Terrapin Attack)
2023-12-19 09:12:16
alpinelinux
alpinelinux
CVE-2023-28531
2023-03-17 04:15:14
CVE-2023-48795
2023-12-18 16:15:10
prion
prion
Code injection
2023-03-17 04:15:00
Design/Logic Flaw
2023-12-18 16:15:00
cve
cve
CVE-2023-28531
2023-03-17 04:15:14
freebsd_advisory
freebsd_advisory
FreeBSD-SA-23:05.openssh
2023-06-21 00:00:00
FreeBSD-SA-23:19.openssh
2023-12-19 00:00:00
debiancve
debiancve
CVE-2023-28531
2023-03-17 04:15:14
CVE-2023-48795
2023-12-18 16:15:10
cbl_mariner
cbl_mariner
CVE-2023-28531 affecting package openssh 8.9p1-1
2023-06-27 21:25:25
CVE-2023-48795 affecting package erlang for versions less than 25.2-2
2024-02-25 03:00:06
ubuntucve
ubuntucve
CVE-2023-28531
2023-03-17 00:00:00
freebsd
freebsd
FreeBSD -- ssh-add does not honor per-hop destination constraints
2023-06-21 00:00:00
putty -- add protocol extension against 'Terrapin attack'
2023-10-16 00:00:00
jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
2024-04-17 00:00:00
redos
redos
ROS-20230911-06
2023-09-11 00:00:00
ROS-20240422-04
2024-04-22 00:00:00
ROS-20240408-15
2024-04-08 00:00:00
f5
f5
K000133517 : OpenSSH vulnerability CVE-2023-28531
2023-04-14 00:00:00
K000138264 : SSH vulnerability CVE-2023-48795
2024-01-17 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: openssh-9.0p1-19.fc38
2024-02-12 01:52:39
[SECURITY] Fedora 39 Update: proftpd-1.3.8b-1.fc39
2023-12-30 01:23:29
[SECURITY] Fedora 39 Update: golang-x-crypto-0.18.0-1.fc39
2024-01-18 01:47:06
redhatcve
redhatcve
CVE-2023-28531
2023-03-17 12:43:10
debian
debian
[SECURITY] [DSA 5586-1] openssh security update
2023-12-22 09:00:07
[SECURITY] [DSA 5599-1] phpseclib security update
2024-01-12 07:13:27
[SECURITY] [DSA 5600-1] php-phpseclib security update
2024-01-12 07:13:37
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0444
2023-08-02 00:00:00
mageia
mageia
Updated filezilla packages fix a security vulnerability ("Terrapin attack")
2024-02-10 04:03:35
Updated libssh2 packages fix a security vulnerability (Terrapin Attack)
2024-01-08 13:12:44
Updated erlang packages fix a security vulnerability (Terrapin Attack)
2024-01-20 01:43:32
oraclelinux
oraclelinux
openssh security update
2024-02-13 00:00:00
buildah security update
2024-03-07 00:00:00
openssh security update
2024-03-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2382
2024-03-26 11:47:18
ibm
ibm
paloalto
paloalto
Impact of Terrapin SSH Attack
2024-01-09 01:30:00
redhat
redhat
(RHSA-2024:0628) Moderate: libssh security update
2024-01-31 08:17:03
(RHSA-2024:0499) Moderate: libssh security update
2024-01-25 15:19:29
ubuntu
ubuntu
FileZilla vulnerability
2024-01-18 00:00:00
libssh2 vulnerability
2024-01-15 00:00:00
LXD vulnerability
2024-04-22 00:00:00
atlassian
atlassian
CVE-2023-48795 vulnerability on SSH
2024-01-04 17:19:13
amazon
amazon
Medium: openssh
2023-12-18 09:20:00
thn
thn
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
2024-01-01 09:37:00
hackerone
hackerone
cgr
cgr
CVE-2023-48795 vulnerabilities
2024-05-19 03:07:16