openssh-8.0p1-24.el8
エラータID: AXSA:2024-8173:04
リリース日:
2024/06/14 Friday - 20:25
題名:
openssh-8.0p1-24.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSH の scp コマンドの scp.c の toremote() 関数には、
特定の文字に対する処理に問題があるため、ローカルの攻撃者
により、細工されたファイル名を持つファイルの転送を介して、
転送先のサーバー上での任意のコマンドの実行を可能とする
脆弱性が存在します。(CVE-2020-15778)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-15778
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
追加情報:
N/A
ダウンロード:
SRPMS
- openssh-8.0p1-24.el8.src.rpm
MD5: 3d3398d9d5f7b870b55bee7b3dc2bca9
SHA-256: 239974e402c67057445402630a4cc02f291330cac810a20faa59b128aaa73f3a
Size: 2.89 MB
Asianux Server 8 for x86_64
- openssh-8.0p1-24.el8.x86_64.rpm
MD5: 39a1c7861a2b2da950003ec07d0cf143
SHA-256: 5ab9a107eb64e2fa467e2361de5c1d03e532407b3a7481fa466acfdb32e98189
Size: 524.32 kB - openssh-askpass-8.0p1-24.el8.x86_64.rpm
MD5: 555fcfe9bb404f47718aeac200b5bb61
SHA-256: 120b95efac844ae288a02083a1c69c5d60d2242da5bfffdc42ab6b1e603d6783
Size: 94.19 kB - openssh-cavs-8.0p1-24.el8.x86_64.rpm
MD5: 6a993a7de3c26ecb78251619abadcfd2
SHA-256: 2a520cb8c449525745f3bffed674c0b6d725fdc4ea1227d2d169a5727e593c81
Size: 232.59 kB - openssh-clients-8.0p1-24.el8.x86_64.rpm
MD5: 5e9013d412d6c8f845a6591542902b09
SHA-256: 1617153c21f91db8ac40e0238828b9c0df9a9ca114fe7fc50690f223539ff435
Size: 645.06 kB - openssh-keycat-8.0p1-24.el8.x86_64.rpm
MD5: 177a59c36143613d2a6a595349bcec6f
SHA-256: 60031a8eea9d4fb37294c42f4755670e6a60cc177c607f5d07d366a6763fc6e7
Size: 117.48 kB - openssh-ldap-8.0p1-24.el8.x86_64.rpm
MD5: 29f01d5bbb54d316cbd34570982ecb80
SHA-256: c93646cf7fddc360bb1f2aa24296c12ab6e5d380c7737273fd45e1d74d4be846
Size: 133.27 kB - openssh-server-8.0p1-24.el8.x86_64.rpm
MD5: 14943637680f61b1233739ef44718222
SHA-256: c502ab1b4cfd08ccd43c480b087a187b207d5e4f20138db2b43cc3bd2ecde812
Size: 493.52 kB - pam_ssh_agent_auth-0.10.3-7.24.el8.x86_64.rpm
MD5: 7568ed1186cded13b18a78c158b27123
SHA-256: 1d2607169daa0f2a31188d58b5994ff61f2d081059d70767456a62ccab279e91
Size: 209.07 kB
English