Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.29890
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.29890
<patchinfo incident="29890"> <issue tracker="cve" id="2023-38408"/> <issue tracker="bnc" id="1186673">CC: openssh is not always clearing keys</issue> <issue tracker="bnc" id="1213004">SSH session keys not deleted after session ends</issue> <issue tracker="bnc" id="1213008">CC: openssh is not always clearing keys</issue> <issue tracker="bnc" id="1209536">SLES15 SP5 S202302-1 - openssh missing or bad close() calls causes openssl-ibmca engine not directing work to accelerator cards (regression)</issue> <issue tracker="bnc" id="1213504">CVE-2023-38408: openssh: Remote Code Execution in OpenSSH's forwarded ssh-agent</issue> <packager>simotek</packager> <rating>important</rating> <category>security</category> <summary>Security update for openssh</summary> <description>This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor