K000140975: OpenSSH vulnerability CVE-2024-6409

Security Advisory Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various...

CLSA-2024-1721929402 openssh: Fix of CVE-2024-6409

CVE-2024-6409: fix signal handler race condition vulnerability in sshd server...

Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2024-651)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-651 advisory. A signal handler race condition vulnerability was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by default, 600 in old OpenSSH versions, then...

Fedora: Security Advisory for jsch (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: jsch-0.1.55-16.fc40

JSch allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs...

K31440025: OpenSSH vulnerability CVE-2016-10009

Security Advisory Description Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket. CVE-2016-10009 Impact Running the ssh-agent program requires a...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 8 (Moderate) (RHSA-2021:4677)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4677 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 7

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

AIX OpenSSH Advisory : openssh_advisory8.asc

The remote AIX host has a version of OpenSSH installed that is affected by the following vulnerabilities : - A remote code execution vulnerability exists in the sshd server component of OpenSSH due to improper sanitization of X11 authentication credentials. An authenticated, remote attacker can...

[SECURITY] Fedora 20 Update: denyhosts-2.6-29.fc20.1

DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host and, upon discovering a repeated attack...

[SECURITY] Fedora 7 Update: denyhosts-2.6-5.fc7

DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host and, upon discovering a repeated attack...

Important: Red Hat Security Advisory: openssh security update

Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package...

Mandrake Linux Security Advisory : openssh (MDKSA-2001:081)

In some circumstances, the sshd server may not honor the 'from=' option that can be associated with a key in a user's /.ssh/authorizedkeys2 file if multiple keys are listed. This could allow key-based logins from hosts which should not be allowed access. %NASLMINLEVEL 70300 C Tenable Network...