blob: e1009b354f333ea6bf5a80968a34f772d8f7d0a7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in OpenSSH, an implementation of
the SSH protocol suite.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2021-41617">CVE-2021-41617</a>
<p>It was discovered that sshd failed to correctly initialise supplemental
groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the command
as a different user. Instead these commands would inherit the groups that
sshd was started with.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-48795">CVE-2023-48795</a>
<p>Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH
protocol is prone to a prefix truncation attack, known as the <q>Terrapin
attack</q>. This attack allows a MITM attacker to effect a limited break of the
integrity of the early encrypted SSH transport protocol by sending extra
messages prior to the commencement of encryption, and deleting an equal
number of consecutive messages immediately after encryption starts.</p>
<p>Details can be found at <a href="https://terrapin-attack.com/">https://terrapin-attack.com/</a></p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-51385">CVE-2023-51385</a>
<p>It was discovered that if an invalid user or hostname that contained shell
metacharacters was passed to ssh, and a ProxyCommand, LocalCommand
directive or <q>match exec</q> predicate referenced the user or hostname via
expansion tokens, then an attacker who could supply arbitrary
user/hostnames to ssh could potentially perform command injection. The
situation could arise in case of git repositories with submodules, where the
repository could contain a submodule with shell characters in its user or
hostname.</p></li>
</ul>
<p>For Debian 10 buster, these problems have been fixed in version
1:7.9p1-10+deb10u4.</p>
<p>We recommend that you upgrade your openssh packages.</p>
<p>For the detailed security status of openssh please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/openssh">https://security-tracker.debian.org/tracker/openssh</a></p>
<p>Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2023/dla-3694.data"
# $Id: $
|
