
openSUSE: 2024:0042-1 Moderate: SecureShell Update Advisory

opensuse
January 31, 2024
openSUSE releases a security patch for tinyssh tackling a race condition and a key exchange flaw, classified as moderate.
An update that fixes one vulnerability is now available

Description

This update for tinyssh fixes the following issues:

tinyssh was updated to 20240101 (boo#1218197, CVE-2023-48795):

* fixed channel_forkpty() race condition between close(slave) in parent process and login_tty(slave) in child process

* fixed behavior when using terminal mode and stdin redirected to /dev/null 'ssh -tt -n'

* added a 'strict-key' key exchange kex-strict-s-v00@openssh.com (Mitigates CVE-2023-48795 "Terrapin attack")
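
One way to confirm that a server advertises the strict-kex marker after the update, as an added example rather than code from tinyssh or this advisory: it parses the kex_algorithms name-list of an unencrypted SSH_MSG_KEXINIT payload (RFC 4253 layout). The helper build_kexinit and both sample payloads are constructed for illustration, not captured traffic.

```python
import struct

SSH_MSG_KEXINIT = 20
STRICT_SERVER = "kex-strict-s-v00@openssh.com"  # marker named in the advisory


def kex_algorithms(payload: bytes) -> list:
    """Return the kex_algorithms name-list of an SSH_MSG_KEXINIT payload."""
    # Layout (RFC 4253, section 7.1): type byte, 16-byte cookie, then name-lists,
    # each a uint32 length followed by comma-separated ASCII names.
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    if 21 + length > len(payload):
        raise ValueError("truncated kex_algorithms name-list")
    names = payload[21:21 + length].decode("ascii")
    return names.split(",") if names else []


def server_offers_strict_kex(payload: bytes) -> bool:
    """True when the server's first KEXINIT advertises the strict-kex marker."""
    return STRICT_SERVER in kex_algorithms(payload)


def build_kexinit(kex_names: list) -> bytes:
    """Build a constructed KEXINIT payload for testing (hypothetical helper)."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)      # zeroed cookie
    body += name_list(kex_names) + name_list(["ssh-ed25519"])
    body += name_list(["chacha20-poly1305@openssh.com"]) * 2  # ciphers c2s, s2c
    body += name_list(["hmac-sha2-256"]) * 2         # MACs c2s, s2c
    body += name_list(["none"]) * 2                  # compression c2s, s2c
    body += name_list([]) * 2                        # languages c2s, s2c
    return body + b"\x00" + struct.pack(">I", 0)     # first_kex_packet_follows, reserved


BASE = ["curve25519-sha256", "sntrup761x25519-sha512@openssh.com"]  # constructed
UNPATCHED = build_kexinit(BASE)
PATCHED = build_kexinit(BASE + [STRICT_SERVER])

if __name__ == "__main__":
    for label, payload in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, "offers strict kex:", server_offers_strict_kex(payload))
```

Strict key exchange only takes effect when the client also advertises its own marker, kex-strict-c-v00@openssh.com, so both ends of a connection need the update.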

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-36=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

tinyssh-20240101-bp155.2.3.1

References

https://www.suse.com/security/cve/CVE-2023-48795.html

https://bugzilla.suse.com/1218197

Announcement ID: openSUSE-SU-2024:0036-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP5
