openssh-8.0p1-24.el8

エラータID: AXSA:2024-8173:04

Release date: 
Friday, June 14, 2024 - 20:25
Subject: 
openssh-8.0p1-24.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: scp allows command injection when using backtick characters in the destination argument (CVE-2020-15778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.

CVE-2020-15778
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Solution: 

Update packages.

CVEs: 
CVE-2020-15778
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Additional Info: 

N/A

Download: 

SRPMS
  1. openssh-8.0p1-24.el8.src.rpm
    MD5: 3d3398d9d5f7b870b55bee7b3dc2bca9
    SHA-256: 239974e402c67057445402630a4cc02f291330cac810a20faa59b128aaa73f3a
    Size: 2.89 MB

Asianux Server 8 for x86_64
  1. openssh-8.0p1-24.el8.x86_64.rpm
    MD5: 39a1c7861a2b2da950003ec07d0cf143
    SHA-256: 5ab9a107eb64e2fa467e2361de5c1d03e532407b3a7481fa466acfdb32e98189
    Size: 524.32 kB
  2. openssh-askpass-8.0p1-24.el8.x86_64.rpm
    MD5: 555fcfe9bb404f47718aeac200b5bb61
    SHA-256: 120b95efac844ae288a02083a1c69c5d60d2242da5bfffdc42ab6b1e603d6783
    Size: 94.19 kB
  3. openssh-cavs-8.0p1-24.el8.x86_64.rpm
    MD5: 6a993a7de3c26ecb78251619abadcfd2
    SHA-256: 2a520cb8c449525745f3bffed674c0b6d725fdc4ea1227d2d169a5727e593c81
    Size: 232.59 kB
  4. openssh-clients-8.0p1-24.el8.x86_64.rpm
    MD5: 5e9013d412d6c8f845a6591542902b09
    SHA-256: 1617153c21f91db8ac40e0238828b9c0df9a9ca114fe7fc50690f223539ff435
    Size: 645.06 kB
  5. openssh-keycat-8.0p1-24.el8.x86_64.rpm
    MD5: 177a59c36143613d2a6a595349bcec6f
    SHA-256: 60031a8eea9d4fb37294c42f4755670e6a60cc177c607f5d07d366a6763fc6e7
    Size: 117.48 kB
  6. openssh-ldap-8.0p1-24.el8.x86_64.rpm
    MD5: 29f01d5bbb54d316cbd34570982ecb80
    SHA-256: c93646cf7fddc360bb1f2aa24296c12ab6e5d380c7737273fd45e1d74d4be846
    Size: 133.27 kB
  7. openssh-server-8.0p1-24.el8.x86_64.rpm
    MD5: 14943637680f61b1233739ef44718222
    SHA-256: c502ab1b4cfd08ccd43c480b087a187b207d5e4f20138db2b43cc3bd2ecde812
    Size: 493.52 kB
  8. pam_ssh_agent_auth-0.10.3-7.24.el8.x86_64.rpm
    MD5: 7568ed1186cded13b18a78c158b27123
    SHA-256: 1d2607169daa0f2a31188d58b5994ff61f2d081059d70767456a62ccab279e91
    Size: 209.07 kB