Critical OpenSSH RCE Bugs Fixed
Two critical remote code execution (RCE) vulnerabilities have been found in OpenSSH (CVE-2023-28531 and CVE-2023-38408). Because these bugs are simple to exploit and pose a severe threat to impacted systems' confidentiality, integrity, and availability, they have received a National Vulnerability Database base score of 9.8 out of 10 (“Critical” severity).
Successful exploitation could result in malware execution or an attacker gaining complete control over a compromised machine.
An important OpenSSH update is available that mitigates these dangerous bugs. All impacted users should upgrade now to the latest version of OpenSSH by applying the updates issued by Debian LTS, Fedora, Gentoo, Red Hat, Rocky Linux, SciLinux, Slackware, SUSE and Ubuntu, to protect against attacks that could lead to system downtime and compromise.