Ubuntu 16.04 LTS: USN-6560-3 Moderate: OpenSSH Command Injection
Sep 16, 2024
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
OpenSSH could be made to crash or run programs as your login if it received a specially crafted input.
==========================================================================
Ubuntu Security Notice USN-6560-3
September 16, 2024
openssh vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
OpenSSH could be made to crash or run programs as your login
if it received a specially crafted input.
Software Description:
- openssh: secure shell (SSH) for secure access to remote machines
Details:
USN-6560-2 fixed a vulnerability in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that OpenSSH incorrectly handled user names or host
names with shell metacharacters. An attacker could possibly use this
issue to perform OS command injection.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
openssh-client 1:7.2p2-4ubuntu2.10+esm6
Available with Ubuntu Pro
openssh-server 1:7.2p2-4ubuntu2.10+esm6
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6560-3
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6560-1
CVE-2023-51385
PREVIOUS
NEXT
Ubuntu 16.04 LTS: USN-6560-3 Moderate: OpenSSH Command Injection
ubuntu
September 16, 2024
OpenSSH could be made to crash or run programs as your login if it received a specially crafted input.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: OpenSSH could be made to crash or run programs as your login if it received a specially crafted input. Software Description: - openssh: secure shell (SSH) for secure access to remote machines Details: USN-6560-2 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It was discovered that OpenSSH incorrectly handled user names or host names with shell metacharacters. An attacker could possibly use this issue to perform OS command injection.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS openssh-client 1:7.2p2-4ubuntu2.10+esm6 Available with Ubuntu Pro openssh-server 1:7.2p2-4ubuntu2.10+esm6 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6560-3
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6560-1
CVE-2023-51385
Ubuntu Security Notice USN-6560-3
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!