Package "ssh"

Name: ssh
Description: secure shell client and server (metapackage)
Latest version: 1:8.9p1-3ubuntu0.6
Release: jammy (22.04)
Level: security
Repository: main
Head package: openssh
Homepage: http://www.openssh.com/

Changelog
openssh (1:8.9p1-3ubuntu0.6) jammy-security; urgency=medium

  * SECURITY UPDATE: incomplete PKCS#11 destination constraints
    - debian/patches/CVE-2023-51384.patch: apply destination constraints to
      all p11 keys in ssh-agent.c.
    - CVE-2023-51384
  * SECURITY UPDATE: command injection via shell metacharacters
    - debian/patches/CVE-2023-51385.patch: ban user/hostnames with most
      shell metacharacters in ssh.c.
    - CVE-2023-51385

 -- Marc Deslauriers <email address hidden> Tue, 02 Jan 2024 11:54:04 -0500

CVE-2023-51384: In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during ad
CVE-2023-51385: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by a

openssh (1:8.9p1-3ubuntu0.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795.patch: implement "strict key exchange"
      in PROTOCOL, kex.c, kex.h, packet.c, sshconnect2.c, sshd.c.
    - CVE-2023-48795
  * SECURITY UPDATE: smartcard constraints not added to agent
    - debian/patches/CVE-2023-28531.patch: include destination constraints
      for smartcard keys too in authfd.c.
    - CVE-2023-28531

 -- Marc Deslauriers <email address hidden> Mon, 18 Dec 2023 11:28:16 -0500

CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri
CVE-2023-28531: ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is

openssh (1:8.9p1-3ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
    - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
      to load a PKCS#11 provider that isn't a PKCS#11 provider in
      ssh-pkcs11.c.
    - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
      FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
    - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
      contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
    - CVE-2023-38408

 -- Marc Deslauriers <email address hidden> Wed, 19 Jul 2023 15:41:52 -0400

CVE-2023-38408: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent