Red Hat Security Advisory 2024-4474-03 - Red Hat OpenShift Container Platform release 4.15.22 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.
8b05fbff3be87d05cc5cb35a50344b255b087e099c0d9b19c0b586d66498969c
Red Hat Security Advisory 2024-4389-03 - An update for openssh is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
816fb2d0fda53317c2a2ce1c58cd6a11598f4dac3d4b2306ada8740ea34a9467
Red Hat Security Advisory 2024-4340-03 - An update for openssh is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
c53b87cd593b7bec1642c356e080fc22f1cbbcbe61de4b22d509103635c42045
Red Hat Security Advisory 2024-4312-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
50bd726e6074eba030143271c28bc2c4b0b8fe98c3b8a838ad0431f3b3235889
Gentoo Linux Security Advisory 202407-9 - A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges. Versions greater than or equal to 9.7_p1-r6 are affected.
3f3c084d0ad4079039953a21ef8407b11f9ea275d71e3bc8ee437a83a18de88f
Ubuntu Security Notice 6859-1 - It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.
bcfd1b7ff658bbf12659082b47acf8efddd6d98fb26b5263228f3aa943bdcaa6
Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
5e87f7e6953882200bcca86b932c1100ae34b3674c68208e709aa0522427b2f9
Qualys has discovered a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.
7826092019b763740fb3de1d429e43d078262e82a1ebe5f37c468e1d5ea080c4
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3