139 matches found
Important: openssh
Issue Overview: A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by default, 600 in old OpenSSH versions, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various...
Medium: openssh
Issue Overview: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in ...
SUSE-SU-2024:0604-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-51385: Fixed a command injection via user name or host name metacharacters bsc1218215. - Remember the state of sshd service during update / removal, to allow cut-over to a different openssh package. bsc1220110...
SUSE-SU-2024:0603-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-51385: Fixed command injection via user name or host name metacharacters bsc1218215...
MGASA-2024-0010 Updated openssh packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. CVE-2023-38408 Prefix Truncation Attacks in SSH...
SUSE-SU-2023:4905-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950...
SUSE-SU-2023:4903-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950...
SUSE-SU-2023:4902-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950. the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump...
Important: Red Hat Security Advisory: DevWorkspace Operator 0.22 release
Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
SUSE: Security Advisory (SUSE-SU-2023:2945-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2950-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...
SUSE-SU-2023:2947-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...
SUSE-SU-2023:2946-1 Security update for openssh
This update for openssh fixes the following issue: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the age...
SUSE-SU-2023:2945-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...
SUSE-SU-2023:2940-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
PT-2022-10510
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 8.9 Description An issue was discovered in OpenSSH where a client using public-key authentication with agent forwarding but without -oLogLevel=verbose may be unable to determine whether FIDO authentication is confirmi...
SUSE-SU-2022:0805-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings bsc1190975...
SUSE-SU-2021:4153-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent bsc1183137...
OPENSUSE-SU-2021:4153-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent bsc1183137...