openssh security update

8.7p1-48.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-48 - CVE-2026-3497: Fix information disclosure or denial of service due to...

OESA-2026-1497 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

openssh security update

8.7p1-47.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-47 - CVE-2025-61984: Reject usernames with control characters Resolves: RHEL-1284...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

UBUNTU-CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

[SECURITY] [DSA 5586-1] openssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5586-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 22, 2023 https://www.debian.org/security/faq -...

openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured

A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherite...

OpenSSH 6.2 < 8.8

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...

sshd in OpenSSH 6.2 through 8.x before 8.8 when certain non-default configurations are used allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process if the configuration specifies running the command as a different user.

...

UBUNTU-CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...

SUSE-SU-2020:3844-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation bsc1173513. - Fixed an issue where AuthorizedKeysCommand produced a lot of output bsc1161684. - Fixed an issue where oracle cluster wit...