Lucene search
OracleLinuxELSA-2024-3166HistoryMay 23, 2024 - 12:00 a.m.
openssh security update
2024-05-2300:00:00
linux.oracle.com
16
openssh
security update
kill switch
scp
terrapin attack
fips compatibility
unix
cve-2020-15778
rhel-22870
rhel-19308
rhel-19788
rhel-5217
rhel-1684
rhel-5221
rhel-11548
rhel-5279
rhel-5321
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.5%
[8.0p1-24.0.1]
- Update upstream references [Orabug: 36587718]
[8.0p1-24] - Providing a kill switch for scp to deal with CVE-2020-15778
Resolves: RHEL-22870
[8.0p1-23] - Fix Terrapin attack
Resolves: RHEL-19308
[8.0p1-22] - Fix Terrapin attack
Resolves: RHEL-19308 - Forbid shell metasymbols in username/hostname
Resolves: RHEL-19788
[8.0p1-21] - Using DigestSign/DigestVerify functions for better FIPS compatibility
Resolves: RHEL-5217
[8.0p1-20] - Limit artificial delays in sshd while login using AD user
Resolves: RHEL-1684 - Add comment to OpenSSH server config about FIPS-incompatible key
Resolves: RHEL-5221 - Avoid killing all processes on system in case of race condition
Resolves: RHEL-11548 - Avoid sshd_config 256K limit
Resolves: RHEL-5279 - Using DigestSign/DigestVerify functions for better FIPS compatibility
Resolves: RHEL-5217 - Fix GSS KEX causing ssh failures when connecting to WinSSHD
Resolves: RHEL-5321
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | openssh | < 8.0p1-24.0.1.el8 | openssh-8.0p1-24.0.1.el8.src.rpm |
| oracle linux | 8 | src | openssh | < 8.0p1-24.0.1.el8 | openssh-8.0p1-24.0.1.el8.src.rpm |
| oracle linux | 8 | src | openssh | < 8.0p1-24.0.1.el8 | openssh-8.0p1-24.0.1.el8.src.rpm |
| oracle linux | 8 | aarch64 | openssh | < 8.0p1-24.0.1.el8 | openssh-8.0p1-24.0.1.el8.aarch64.rpm |
| oracle linux | 8 | aarch64 | openssh | < 8.0p1-24.0.1.el8 | openssh-8.0p1-24.0.1.el8.aarch64.rpm |
| oracle linux | 8 | aarch64 | openssh-askpass | < 8.0p1-24.0.1.el8 | openssh-askpass-8.0p1-24.0.1.el8.aarch64.rpm |
| oracle linux | 8 | aarch64 | openssh-cavs | < 8.0p1-24.0.1.el8 | openssh-cavs-8.0p1-24.0.1.el8.aarch64.rpm |
| oracle linux | 8 | aarch64 | openssh-cavs | < 8.0p1-24.0.1.el8 | openssh-cavs-8.0p1-24.0.1.el8.aarch64.rpm |
| oracle linux | 8 | aarch64 | openssh-clients | < 8.0p1-24.0.1.el8 | openssh-clients-8.0p1-24.0.1.el8.aarch64.rpm |
| oracle linux | 8 | aarch64 | openssh-clients | < 8.0p1-24.0.1.el8 | openssh-clients-8.0p1-24.0.1.el8.aarch64.rpm |
Related
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.6.0 : openssh (EulerOS-SA-2021-2018)
2021-06-30 00:00:00
IBM Spectrum Protect Plus OpenSSH Remote Command Injection
2021-06-30 00:00:00
CentOS 8 : openssh (CESA-2024:3166)
2024-05-22 00:00:00
ibm
ibm
osv
osv
Moderate: openssh security update
2024-05-22 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-15778 affecting package openssh 8.0p1-13
2020-11-30 19:30:42
cvelist
cvelist
CVE-2020-15778
2020-07-24 00:00:00
CVE-2023-38336
2023-07-14 00:00:00
f5
f5
K04305530 : SCP vulnerability CVE-2020-15778
2020-09-23 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-1993)
2021-06-29 00:00:00
OpenBSD OpenSSH <= 8.6 Command Injection Vulnerability
2020-08-03 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-2097)
2021-07-07 00:00:00
redhat
redhat
githubexploit
githubexploit
Exploit for OS Command Injection in Openbsd Openssh
2021-07-15 01:04:24
Exploit for OS Command Injection in Openbsd Openssh
2020-07-18 05:15:05
nvd
nvd
CVE-2020-15778
2020-07-24 14:15:12
CVE-2023-38336
2023-07-14 22:15:09
almalinux
almalinux
Moderate: openssh security update
2024-05-22 00:00:00
cve
cve
CVE-2020-15778
2020-07-24 14:15:12
CVE-2023-38336
2023-07-14 22:15:09
alpinelinux
alpinelinux
CVE-2020-15778
2020-07-24 14:15:00
prion
prion
Command injection
2020-07-24 14:15:00
Command injection
2023-07-14 22:15:00
debiancve
debiancve
CVE-2020-15778
2020-07-24 14:15:12
CVE-2023-38336
2023-07-14 22:15:09
ubuntucve
ubuntucve
CVE-2020-15778
2020-07-24 00:00:00
CVE-2023-38336
2023-07-14 00:00:00
gentoo
gentoo
OpenSSH: Multiple Vulnerabilities
2022-12-28 00:00:00
vulnrichment
vulnrichment
CVE-2020-15778
2020-07-24 00:00:00
redhatcve
redhatcve
CVE-2020-15778
2020-07-24 18:37:46
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
avleonov
avleonov
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.5%
Related for ELSA-2024-3166