| Summary: | openssh new security issues CVE-2023-38408, CVE-2023-48795, CVE-2023-5138[45] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, mageia, marja11, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | openssh-9.3p1-2.mga9 | CVE: | CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 31001, 32671 | ||
Description
Nicolas Salguero
2024-01-08 17:12:13 CET
Nicolas Salguero
2024-01-08 17:12:50 CET
Whiteboard: (none) => MGA9TOO

The Ubuntu link leads to three other CVEs:

It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand as a different user. An attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-41617)

Patches:
upstream: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
upstream: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde

Following the Debian links ended in this commit (same as above?):
https://salsa.debian.org/ssh-team/openssh/-/commit/213973a60c9432a8c4ad8aaa8d2dfff3a957fa8e

It was discovered that OpenSSH incorrectly added destination constraints when PKCS#11 token keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-51384)

Patches:
upstream: https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b (V_9_6_P1)

It was discovered that OpenSSH incorrectly handled user names or host names with shell metacharacters. An attacker could possibly use this issue to perform OS command injection. (CVE-2023-51385)

Patches:
upstream: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1)

openssh has no evident packager associated, so assigning this globally.

Assignee: bugsquad => pkg-bugs

CVE-2021-41617 is fixed since version 8.8.

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (CVE-2023-38408)

Prefix Truncation Attacks in SSH Specification (Terrapin Attack). (CVE-2023-48795)

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. (CVE-2023-51384)

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. (CVE-2023-51385)

References:
https://ubuntu.com/security/notices/USN-6565-1
https://bugs.mageia.org/show_bug.cgi?id=32671
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/19/5
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://bugs.mageia.org/show_bug.cgi?id=31001
https://www.openwall.com/lists/oss-security/2023/07/19/8
https://www.openwall.com/lists/oss-security/2023/07/19/9
https://www.openssh.com/txt/release-9.3p2
========================

Updated packages in core/updates_testing:
========================
openssh-9.3p1-2.1.mga9
openssh-askpass-common-9.3p1-2.1.mga9
openssh-askpass-gnome-9.3p1-2.1.mga9
openssh-clients-9.3p1-2.1.mga9
openssh-keycat-9.3p1-2.1.mga9
openssh-server-9.3p1-2.1.mga9

from SRPM:
openssh-9.3p1-2.1.mga9.src.rpm

Blocks: (none) => 31001, 32671
PC LX
2024-01-12 12:36:58 CET
CC: (none) => mageia

Advisory from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".

Summary: openssh new security issues CVE-2023-5138[45] => openssh new security issues CVE-2023-38408, CVE-2023-48795, CVE-2023-5138[45]

Tested in real hardware Mageia 9 x86_64 lxqt
Related packages in my system were updated without issues
Can make ssh connections to my system
Can make ssh connections from my system to remote systems

MGA9-64, Plasma
Used ssh ssh-keygen ssh-keyscan sftp working as expected.

Whiteboard: (none) => MGA9-64-OK

Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0010.html

Status: ASSIGNED => RESOLVED
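
The advisory text for CVE-2023-51385 names untrusted Git submodules as a source of user or host names containing shell metacharacters. The following is an added example, not part of this bug report and not OpenSSH or Mageia code: a pre-checkout audit of a `.gitmodules` file that flags such names. The character set, the function names and the sample file are assumptions made for this example.

```python
import re

# Conservative set of shell-special characters, chosen for this example.
SHELL_META = set("'`\"$\\;&<>|(){}")

# Constructed sample .gitmodules (hosts and names are made up).
SAMPLE = """\
[submodule "docs"]
\turl = https://example.invalid/docs.git
[submodule "lib"]
\turl = ssh://git@build$(hostname).example.invalid/lib.git
[submodule "app"]
\turl = ssh://ci&true@code.example.invalid:2222/app.git
[submodule "tools"]
\turl = git@code.example.invalid:tools.git
"""

def suspicious_name(name):
    """True if a user or host name has shell metacharacters, whitespace or control bytes."""
    return any(c in SHELL_META or c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in name)

def split_ssh_target(url):
    """Return (user, host) for ssh:// and scp-style (user@host:path) URLs, else None."""
    m = re.match(r"^(?:ssh|git\+ssh|ssh\+git)://([^/]*)", url)
    if m is None:
        m = re.match(r"^([^/:]*):(?!//)", url)  # scp-style: colon before any slash
    if m is None:
        return None
    user, _, host = m.group(1).rpartition("@")
    return user, re.sub(r":\d*$", "", host)  # drop an optional :port

def audit_gitmodules(text):
    """List (submodule, field, value) for every ssh user/host name that looks unsafe."""
    findings, section = [], None
    for line in text.splitlines():
        head = re.match(r'\s*\[submodule\s+"(.*)"\]\s*$', line)
        if head:
            section = head.group(1)
            continue
        kv = re.match(r"\s*url\s*=\s*(.*?)\s*$", line)
        target = split_ssh_target(kv.group(1)) if kv else None
        for field, value in zip(("user", "host"), target or ()):
            if suspicious_name(value):
                findings.append((section, field, value))
    return findings

if __name__ == "__main__":
    for finding in audit_gitmodules(SAMPLE):
        print(finding)
```

A check like this complements the package update on hosts that clone third-party repositories; it does not replace it.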