- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202307-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: OpenSSH: Remote Code Execution
     Date: July 20, 2023
     Bugs: #892936, #905299, #910553
       ID: 202307-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been discovered in OpenSSH, the worst of
which could result in remote code execution.

Background
=========
OpenSSH is a free application suite consisting of server and clients
that replace tools like telnet, rlogin, rcp and ftp with more secure
versions offering additional functionality.

Affected packages
================
Package           Vulnerable    Unaffected
----------------  ------------  ------------
net-misc/openssh  < 9.3_p2      >= 9.3_p2

Description
==========
Multiple vulnerabilities have been discovered in OpenSSH. Please review
the CVE identifiers referenced below for details.

Impact
=====
Please review the CVE identifiers referenced below for details.

Workaround
=========
CVE-2023-38408 can be worked around by avoiding connecting to untrusted
servers with an SSH agent.

Resolution
=========
All OpenSSH users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.3_p2"
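
To confirm whether a host still needs the upgrade, the following added
example (not part of the Gentoo advisory) classifies a version string
against the 9.3_p2 threshold from the table above. The function names
parse_openssh_version and openssh_status are hypothetical, and the sample
banners are constructed.

```shell
#!/bin/sh
# Added example: classify an OpenSSH version against the GLSA 202307-01
# threshold (vulnerable: < 9.3_p2, unaffected: >= 9.3_p2).

# Reduce "OpenSSH_9.3p1, OpenSSL ...", "net-misc/openssh-9.3_p1-r1" or
# "9.3_p2" to "MAJOR MINOR PATCH"; prints nothing if no version is found.
parse_openssh_version() {
    token=${1%%[, ]*}    # keep only the first word of an `ssh -V` banner
    printf '%s\n' "$token" |
        sed -nE 's/^[^0-9]*([0-9]+)\.([0-9]+)(_?p([0-9]+))?.*$/\1 \2 \4/p'
}

# Prints "vulnerable", "unaffected" or "unknown" for the given version string.
openssh_status() {
    parsed=$(parse_openssh_version "$1")
    if [ -z "$parsed" ]; then echo unknown; return 0; fi
    set -- $parsed
    major=$1 minor=$2 patch=${3:-0}   # a missing pN suffix counts as p0
    if [ "$major" -lt 9 ]; then echo vulnerable; return 0; fi
    if [ "$major" -gt 9 ]; then echo unaffected; return 0; fi
    if [ "$minor" -lt 3 ]; then echo vulnerable; return 0; fi
    if [ "$minor" -gt 3 ]; then echo unaffected; return 0; fi
    if [ "$patch" -lt 2 ]; then echo vulnerable; else echo unaffected; fi
}

# Constructed sample banners, then the locally installed client if present.
for sample in "OpenSSH_9.3p1, OpenSSL 3.0.9 30 May 2023" \
              "net-misc/openssh-9.3_p2" "OpenSSH_8.9p1" "OpenSSH_9.4p1"; do
    printf '%-45s %s\n' "$sample" "$(openssh_status "$sample")"
done
if command -v ssh >/dev/null 2>&1; then
    banner=$(ssh -V 2>&1)
    printf 'installed: %s -> %s\n' "$banner" "$(openssh_status "$banner")"
fi
```

The comparison reflects Gentoo's package versions; distributions that
backport fixes may keep an older version string on a patched build.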

References
=========
[ 1 ] CVE-2023-25136
      https://nvd.nist.gov/vuln/detail/CVE-2023-25136
[ 2 ] CVE-2023-28531
      https://nvd.nist.gov/vuln/detail/CVE-2023-28531
[ 3 ] CVE-2023-38408
      https://nvd.nist.gov/vuln/detail/CVE-2023-38408

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202307-01

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/
