
SUSE: 2023:2414-1 Important Fix For bci/nodejs Remote Code Execution

July 25, 2023
SUSE Container Notification offers enhancements and repairs for bci/python targeting critical vulnerability issues.
The container bci/nodejs was updated.

Summary

Advisory ID : SUSE-SU-2023:2945-1
Released : Mon Jul 24 09:37:30 2023
Summary : Security update for openssh
Type : security
Severity : important

References

References : 1186673 1209536 1213004 1213008 1213504 CVE-2023-38408


This update for openssh fixes the following issues:

- CVE-2023-38408: Fixed a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408]
- Close the right file descriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536]
- Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008]

The following package changes have been done:


Container Advisory ID : SUSE-CU-2023:2414-1
Container Tags : bci/node:16 , bci/node:16-9.14 , bci/nodejs:16 , bci/nodejs:16-9.14
Container Release : 9.14
Severity : important
Type : security
