openssh-8.7p1-29.el9
エラータID: AXSA:2023-6041:05
リリース日:
2023/06/15 Thursday - 09:30
題名:
openssh-8.7p1-29.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSH には、options.kex_algorithms の処理中に二重解放が発生
する問題があるため、デフォルトの設定で認証されていないリモートの
攻撃者により、sshd のアドレス空間の任意の場所へのジャンプやリモート
コード実行を可能とする脆弱性が存在します。(CVE-2023-25136)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
追加情報:
N/A
ダウンロード:
SRPMS
- openssh-8.7p1-29.el9.src.rpm
MD5: a89183b25c8831bad2fb02185be16a1e
SHA-256: aeaab5f7c244f4d363801d3581833cc55c7bc118721444f7c1eef8ef23f99bb8
Size: 2.25 MB
Asianux Server 9 for x86_64
- openssh-8.7p1-29.el9.x86_64.rpm
MD5: 5f70d25a2d78057c811e00cb04e016b9
SHA-256: df4ff453eed70ef9c6bd91e577721f6b1e3f556a98d6e0b2be5b8c4cbd9d8bf5
Size: 451.99 kB - openssh-askpass-8.7p1-29.el9.x86_64.rpm
MD5: 0ced22dbfa44c1a0986e6f18b5d5ad90
SHA-256: 51a7c66cdf588fb3190a804a8f3aa9255e74de77cb80aaca662d7d5161f5f644
Size: 20.42 kB - openssh-clients-8.7p1-29.el9.x86_64.rpm
MD5: 8f6efade4beb8de816a8dae848642be7
SHA-256: 207a5858c6eefefdaf099aee90d837acf430b1456a5b95c609674431b0c5b958
Size: 700.09 kB - openssh-keycat-8.7p1-29.el9.x86_64.rpm
MD5: cbc00edbaf8a09ead7d8920740a61118
SHA-256: 3a03f205f1bf845cae9c39b42a756ae920e8d22b2c17b7816b3f849649fa0976
Size: 21.91 kB - openssh-server-8.7p1-29.el9.x86_64.rpm
MD5: 066fb8fc6cc1729769c21e7b5c3bcf67
SHA-256: 97444e3099ee19638915b43fcd819320d3912e9906311c0ca4a8d1706feeaf28
Size: 453.95 kB - pam_ssh_agent_auth-0.10.4-5.29.el9.x86_64.rpm
MD5: d2225ae0a3cde90742fee7691671082b
SHA-256: 00d9d7fb27f419916407b4c931f3afca5d58f59f640f0a1b6cb73e92eb7e7cb8
Size: 67.74 kB
English