Description:
fixes a protocol weakness in the golang.org/x/crypto/ssh package that
allowed a MITM attacker to compromise the integrity of the secure
channel before it was established, allowing them to prevent transmission
of a number of messages immediately after the secure channel was
established without either side being aware.
The impact of this attack is relatively limited, as it does not
compromise confidentiality of the channel. Notably this attack would
allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO
message, disabling a handful of newer security features.
- https://bugs.mageia.org/show_bug.cgi?id=32674
- https://www.openwall.com/lists/oss-security/2023/12/18/3
- https://www.openwall.com/lists/oss-security/2023/12/19/5
- https://www.openwall.com/lists/oss-security/2023/12/20/3
- https://www.cve.org/CVERecord?id=CVE-2023-48795
- 9/core/golang-x-crypto-0.45.0-1.mga9
- 9/core/golang-x-sys-0.30.0-2.mga9
Publication date:07 Jun 2026
Get the latest Linux and open source security news straight to your inbox.