Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could result in remote code execution.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202307-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: OpenSSH: Remote Code Execution
     Date: July 20, 2023
     Bugs: #892936, #905299, #910553
       ID: 202307-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could result in remote code execution.

Background
==========

OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.

Affected packages
=================

Package           Vulnerable    Unaffected
----------------  ------------  ------------
net-misc/openssh  < 9.3_p2      >= 9.3_p2

Description
===========

Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the CVE identifiers referenced below for details.

Workaround
==========

CVE-2023-38408 can be worked around by avoiding connecting to untrusted servers with an SSH agent.

Resolution
==========

All OpenSSH users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.3_p2"

References
==========

[ 1 ] CVE-2023-25136
      https://nvd.nist.gov/vuln/detail/CVE-2023-25136
[ 2 ] CVE-2023-28531
      https://nvd.nist.gov/vuln/detail/CVE-2023-28531
[ 3 ] CVE-2023-38408
      https://nvd.nist.gov/vuln/detail/CVE-2023-38408

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202307-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
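
The two checks this advisory implies, as an added example that is not part of the GLSA or of Gentoo's tooling: whether an `ssh -V` banner is older than 9.3p2, and which `ssh_config` blocks enable agent forwarding. It assumes the upstream banner `9.3p2` corresponds to the package version `9.3_p2` and that the agent exposure named in the workaround is `ForwardAgent`; the function names and sample inputs are constructed.

```sh
#!/bin/sh
# Added example; function names and sample inputs are constructed.

# Exit 0 if an `ssh -V` banner is older than 9.3p2 (assumed to match the
# advisory's 9.3_p2), 1 if it is 9.3p2 or newer, 2 if it cannot be parsed.
openssh_needs_upgrade() {
    printf '%s\n' "$1" | awk '
        match($0, /OpenSSH_[0-9]+\.[0-9]+(p[0-9]+)?/) {
            v = substr($0, RSTART + 8, RLENGTH - 8)      # e.g. "9.3p1"
            n = split(v, part, /[.p]/)
            key = part[1] * 10000 + part[2] * 100 + (n > 2 ? part[3] : 0)
            found = 1
            exit
        }
        END { if (!found) exit 2; exit (key < 90302 ? 0 : 1) }'
}

# Read an ssh_config on stdin and print the Host/Match pattern of every block
# where ForwardAgent is set to anything other than "no".
forwarding_hosts() {
    awk '
        { sub(/^[ \t]+/, ""); gsub(/=/, " ") }
        /^#/ || NF == 0 { next }
        { kw = tolower($1) }
        kw == "host" || kw == "match" { $1 = ""; sub(/^ +/, ""); block = $0; next }
        kw == "forwardagent" && tolower($2) != "no" {
            print (block == "" ? "(global)" : block)
        }'
}

# Constructed sample client configuration.
sample_config() {
    cat <<'EOF'
Host bastion.example.org
    ForwardAgent yes
Host build-*
    forwardagent=yes
Host *
    ForwardAgent no
EOF
}

if openssh_needs_upgrade "OpenSSH_9.3p1, OpenSSL 3.0.9 30 May 2023"; then
    echo "banner is older than 9.3p2: upgrade net-misc/openssh"
fi
echo "blocks that forward the agent:"
sample_config | forwarding_hosts
```

On a real system the inputs would be `"$(ssh -V 2>&1)"` and `forwarding_hosts < ~/.ssh/config`; the banner comparison is only meaningful where the package version tracks upstream, as the Gentoo ebuild does.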