Red Hat Security Advisory 2024-4474-03 - Red Hat OpenShift Container Platform release 4.15.22 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.
8b05fbff3be87d05cc5cb35a50344b255b087e099c0d9b19c0b586d66498969cRed Hat Security Advisory 2024-4389-03 - An update for openssh is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
816fb2d0fda53317c2a2ce1c58cd6a11598f4dac3d4b2306ada8740ea34a9467Red Hat Security Advisory 2024-4340-03 - An update for openssh is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
c53b87cd593b7bec1642c356e080fc22f1cbbcbe61de4b22d509103635c42045Red Hat Security Advisory 2024-4312-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
50bd726e6074eba030143271c28bc2c4b0b8fe98c3b8a838ad0431f3b3235889Gentoo Linux Security Advisory 202407-9 - A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges. Versions greater than or equal to 9.7_p1-r6 are affected.
3f3c084d0ad4079039953a21ef8407b11f9ea275d71e3bc8ee437a83a18de88fUbuntu Security Notice 6859-1 - It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.
bcfd1b7ff658bbf12659082b47acf8efddd6d98fb26b5263228f3aa943bdcaa6Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
5e87f7e6953882200bcca86b932c1100ae34b3674c68208e709aa0522427b2f9Qualys has discovered a a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.
7826092019b763740fb3de1d429e43d078262e82a1ebe5f37c468e1d5ea080c4This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed