32671 – CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - openssh

Bug 32671 - CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - openssh

Summary: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Atta...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	All Packagers
QA Contact:	Sec team

URL:
Whiteboard:	MGA9TOO
Keywords:

Depends on:	32704
Blocks:	32641
	Show dependency tree / graph

Reported:	2023-12-31 17:48 CET by Marja Van Waes
Modified:	2024-01-19 16:16 CET (History)
CC List:	6 users (show)

See Also:
Source RPM:	openssh-9.3p1-3.mga10, openssh-9.3p1-2.mga9(?)
CVE:	CVE-2023-48795
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marja Van Waes 2023-12-31 17:48:24 CET

+++ This bug was initially created as a clone of Bug #32641 +++

That CVE was announced here:
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/19/5
https://www.openwall.com/lists/oss-security/2023/12/20/3

Many SSH implementations that are packaged in Mageia are affected:
<snip>
  - OpenSSH (9.6)

9.6 is the version that fixes the issue https://www.openssh.com/txt/release-9.6

Marja Van Waes 2023-12-31 17:56:39 CET

Whiteboard: (none) => MGA9TOO

Marja Van Waes 2024-01-02 12:01:32 CET

CVE: (none) => CVE-2023-48795

Nicolas Salguero 2024-01-12 11:42:55 CET

Depends on: (none) => 32704

Comment 1 Nicolas Salguero 2024-01-15 09:23:35 CET

Fixed in bug 32704.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Nicolas Salguero 2024-01-19 16:12:02 CET

Blocks: (none) => 32748

Nicolas Salguero 2024-01-19 16:16:44 CET

Blocks: 32748 => (none)

Note You need to log in before you can comment on or make changes to this bug.