Debian Linux Security Advisory 5586-1 - Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite.
eb54a28b3d95ad19c4329f6295f24f93dcd4b5a934d6c9ce761901a356063b87Ubuntu Security Notice 6560-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. Luci Stanescu discovered that OpenSSH incorrectly added destination constraints when smartcard keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
51525d3d372386042a7048e135a3579c6ec9ecb0ef1d895b68c1fc09cff7aaecGentoo Linux Security Advisory 202307-1 - Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could result in remote code execution. Versions less than 9.3_p2 are affected.
e6bacec3063ea2cc3f27ebc72032e82e64d71502347e717441dac3017857897d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed