Ubuntu Security Notice 6560-3 - USN-6560-2 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled user names or host names with shell metacharacters. An attacker could possibly use this issue to perform OS command injection.
d79217f3c4179c2615288ef92644ea2a7503ce8dc66a1ea3994cfdb65236cdfb
==========================================================================
Ubuntu Security Notice USN-6560-3
September 16, 2024
openssh vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
OpenSSH could be made to crash or run programs as your login
if it received a specially crafted input.
Software Description:
- openssh: secure shell (SSH) for secure access to remote machines
Details:
USN-6560-2 fixed a vulnerability in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that OpenSSH incorrectly handled user names or host
names with shell metacharacters. An attacker could possibly use this
issue to perform OS command injection.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
openssh-client 1:7.2p2-4ubuntu2.10+esm6
Available with Ubuntu Pro
openssh-server 1:7.2p2-4ubuntu2.10+esm6
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6560-3
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6560-1
CVE-2023-51385