author | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-22 11:05:35 +0100 |
---|---|---|
committer | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-22 11:05:35 +0100 |
commit | 379642bc802016b86c0a837c2c4e7b3b114c099a (patch) | |
tree | 735a06527414cf9d69b72a208fe02d45024acbaf /english/security | |
parent | 280de20a45d272979e22db3ba34b311546f4febb (diff) |
[SECURITY] [DSA 5586-1] openssh security update
Diffstat (limited to 'english/security')
-rw-r--r-- | english/security/2023/dsa-5586.data | 13 |
-rw-r--r-- | english/security/2023/dsa-5586.wml | 73 |
2 files changed, 86 insertions, 0 deletions
diff --git a/english/security/2023/dsa-5586.data b/english/security/2023/dsa-5586.data new file mode 100644 index 00000000000..c8bb36659e7 --- /dev/null +++ b/english/security/2023/dsa-5586.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-5586-1 openssh</define-tag> +<define-tag report_date>2023-12-22</define-tag> +<define-tag secrefs>CVE-2021-41617 CVE-2023-28531 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Bug#995130 Bug#1033166</define-tag> +<define-tag packages>openssh</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2023/dsa-5586.wml b/english/security/2023/dsa-5586.wml new file mode 100644 index 00000000000..cbe665f1422 --- /dev/null +++ b/english/security/2023/dsa-5586.wml 
@@ -0,0 +1,73 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>Several vulnerabilities have been discovered in OpenSSH, an +implementation of the SSH protocol suite.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2021-41617">CVE-2021-41617</a> + + <p>It was discovered that sshd failed to correctly initialise + supplemental groups when executing an AuthorizedKeysCommand or + AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or + AuthorizedPrincipalsCommandUser directive has been set to run the + command as a different user. Instead these commands would inherit + the groups that sshd was started with.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-28531">CVE-2023-28531</a> + + <p>Luci Stanescu reported that a error prevented constraints being + communicated to the ssh-agent when adding smartcard keys to the + agent with per-hop destination constraints, resulting in keys being + added without constraints.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-48795">CVE-2023-48795</a> + + <p>Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that + the SSH protocol is prone to a prefix truncation attack, known as + the <q>Terrapin attack</q>. 
This attack allows a MITM attacker to effect + a limited break of the integrity of the early encrypted SSH + transport protocol by sending extra messages prior to the + commencement of encryption, and deleting an equal number of + consecutive messages immediately after encryption starts.</p> + + <p>Details can be found at <a href="https://terrapin-attack.com/">\ + https://terrapin-attack.com/</a></p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-51384">CVE-2023-51384</a> + + <p>It was discovered that when PKCS#11-hosted private keys were + added while specifying destination constraints, if the PKCS#11 + token returned multiple keys then only the first key had the + constraints applied.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-51385">CVE-2023-51385</a> + + <p>It was discovered that if an invalid user or hostname that contained + shell metacharacters was passed to ssh, and a ProxyCommand, + LocalCommand directive or <q>match exec</q> predicate referenced the user + or hostname via expansion tokens, then an attacker who could supply + arbitrary user/hostnames to ssh could potentially perform command + injection. 
The situation could arise in case of git repositories + with submodules, where the repository could contain a submodule with + shell characters in its user or hostname.</p></li> + +</ul> + +<p>For the oldstable distribution (bullseye), these problems have been fixed +in version 1:8.4p1-5+deb11u3.</p> + +<p>For the stable distribution (bookworm), these problems have been fixed in +version 1:9.2p1-2+deb12u2.</p> + +<p>We recommend that you upgrade your openssh packages.</p> + +<p>For the detailed security status of openssh please refer to its security +tracker page at: +<a href="https://security-tracker.debian.org/tracker/openssh">\ +https://security-tracker.debian.org/tracker/openssh</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2023/dsa-5586.data" +# $Id: $ |
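Review bot: In english/security/2023/dsa-5586.data, the closing `</dl>` on the last added line has no matching opening tag anywhere in this file, so a reader cannot tell from the patch what it closes. If it pairs with markup emitted by the `#use wml::debian::security` line above it, a one-line comment saying so would keep it from being removed as a stray tag. Separately, `secrefs` lists Bug#995130 and Bug#1033166, but the advisory text in the .wml never says which of the five CVE entries each bug report belongs to.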
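Review bot: In english/security/2023/dsa-5586.wml, two articles are wrong in the advisory text: "where a AuthorizedKeysCommandUser" in the CVE-2021-41617 entry should read "an AuthorizedKeysCommandUser", and "a error prevented constraints" in the CVE-2023-28531 entry should read "an error prevented constraints". The CVE-2023-51385 entry also switches from "shell metacharacters" in its first sentence to "shell characters" in its last; using "shell metacharacters" in both places would make clear that the same condition is meant. The trailing `# $Id: $` keyword is empty and can be dropped if nothing expands it.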