ALT-PU-2024-1364-3

Package update openssh in branch sisyphus

Version9.6p1-alt1

Published2026-03-07

Max severityMEDIUM

Severity:

Closed issues (4)

MEDIUM6.3

Уязвимость cредства криптографической защиты OpenSSH, связанная с внедрением или модификацией аргумента, позволяющая нарушителю выполнить произвольные команды

Published: 2023-12-21Modified: 2026-01-20

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

References

CVE-2023-51385

MEDIUM4.4

Уязвимость агента ssh-agent cредства криптографической защиты OpenSSH, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2023-12-21Modified: 2025-03-05

CVSS 3.xMEDIUM 4.4

CVSS:3.x/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0LOW 3.8

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:N/A:N

References

CVE-2023-51384

MEDIUM5.5

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

Published: 2023-12-18Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

MEDIUM6.5

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Published: 2023-12-18Modified: 2025-12-18

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References