Lucene search

K
rockyRockylinux Product ErrataRLSA-2024:0606
HistoryFeb 12, 2024 - 8:17 p.m.

openssh security update

2024-02-1220:17:16
Rockylinux Product Errata
errata.rockylinux.org
120
openssh
security update
rocky linux 8
vulnerability
cvss
ssh protocol
binary packet protocol
command injection
cve
severity rating
unix

6.9 Medium

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

An update is available for openssh.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

  • openssh: potential command injection via shell metacharacters (CVE-2023-51385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.