Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 39: 2024-8f402b2891 Vital: OpenSSH Session Limitations

fedora
Calendar Grey January 12, 2024
Dist Fedora Esm H88
Important update for Fedora 39 regarding OpenSSH focused on bolstering security measures for user IDs and safeguarding against unauthorized access.
Forbid shell metasymbols in username/hostname Resolve Terrapin attack Apply destination constraints to all PKCS#11 keys

Summary

SSH (Secure SHell) is a program for logging into and executing

commands on a remote machine. SSH is intended to replace rlogin and

rsh, and to provide secure encrypted communications between two

untrusted hosts over an insecure network. X11 connections and

arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing

it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH

client and server. To make this package useful, you should also

install openssh-clients, openssh-server, or both.

Update Information:

Forbid shell metasymbols in username/hostname Resolve Terrapin attack Apply destination constraints to all PKCS#11 keys

Topics%20covered

Topics Covered

security advisory fedora openssh attack mitigation shell constraints pkcs#11 security

Change Log

* Wed Jan 10 2024 Dmitry Belyavskiy - 9.3p1-10 - Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385 - Fix Terrapin attack Resolves: CVE-2023-48795 - Apply destination constraints to all PKCS#11 keys Resolves: CVE-2023-51384

References

Fedora Update Notification FEDORA-2024-7e301327c2 2024-01-12 01:10:53.040064 Name : openssh Product : Fedora 39 Version : 9.3p1 Release : 10.fc39 URL : https://www.openssh.org/portable.html Summary : An open source implementation of SSH protocol version 2 Description : SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-7e301327c2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: openssh
Product: Fedora 39
Version: 9.3p1
Release: 10.fc39
URL: https://www.openssh.org/portable.html
Summary: An open source implementation of SSH protocol version 2

Topics%20covered

Topics Covered

security advisory fedora openssh attack mitigation shell constraints pkcs#11 security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here