RHSA-2023:4329

Description

Red Hat Security Advisory: openssh security update

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•openssh

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-askpass

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-askpass-debuginfo

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-clients

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-clients-debuginfo

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-debuginfo

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-debugsource

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-keycat

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-keycat-debuginfo

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-server

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•openssh-server-debuginfo

  < 0:8.7p1-11.el9_0 | < 0:8.7p1-11.el9_0

• redhat•pam_ssh_agent_auth

  < 0:0.10.4-4.11.el9_0 | < 0:0.10.4-4.11.el9_0

• redhat•pam_ssh_agent_auth-debuginfo

  < 0:0.10.4-4.11.el9_0 | < 0:0.10.4-4.11.el9_0

References (8)

• https://access.redhat.com/errata/RHSA-2023:4329
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=2224173
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4329.json
• https://access.redhat.com/security/cve/CVE-2023-38408
• https://www.cve.org/CVERecord?id=CVE-2023-38408
• https://nvd.nist.gov/vuln/detail/CVE-2023-38408
• https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt