Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Mageia 9 MGASA-2024-0010 Critical: OpenSSH Command Injection Risks

mageia
Calendar Grey January 14, 2024
Dist Mageia Esm H88
Mageia's updates in January 2024 for OpenSSH address various weaknesses, enhancing the security of remote access connections.
The updated packages fix security vulnerabilities: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code ex...

Summary

The updated packages fix security vulnerabilities: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (CVE-2023-38408) Prefix Truncation Attacks in SSH Specification (Terrapin Attack). (CVE-2023-48795) In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. (CVE-2023-51384) In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. (CVE-2023-51385)

References

- https://bugs.mageia.org/show_bug.cgi?id=32704

- https://ubuntu.com/security/notices/USN-6565-1

- https://www.openwall.com/lists/oss-security/2023/12/18/3

- https://www.openwall.com/lists/oss-security/2023/12/19/5

- https://www.openwall.com/lists/oss-security/2023/12/20/3

- https://bugs.mageia.org/show_bug.cgi?id=31001

- https://www.openwall.com/lists/oss-security/2023/07/19/8

- https://www.openwall.com/lists/oss-security/2023/07/19/9

- https://www.openssh.org/txt/release-9.3p2

- https://www.cve.org/CVERecord?id=CVE-2023-38408

- https://www.cve.org/CVERecord?id=CVE-2023-48795

- https://www.cve.org/CVERecord?id=CVE-2023-51384

- https://www.cve.org/CVERecord?id=CVE-2023-51385

Resolution

SRPMS

- 9/core/openssh-9.3p1-2.1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 14 Jan 2024
URL: https://advisories.mageia.org/MGASA-2024-0010.html
Type: security
CVE: CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here