Ubuntu Security Notice 6738-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks.
d77b141e270c41154b29de186352132905dedeb534b3e7d82e7b08b98259c5f4Red Hat Security Advisory 2024-1557-03 - An update is now available for Red Hat OpenShift Builds 1.0. Issues addressed include denial of service and traversal vulnerabilities.
d29131168c6739c5f0e4cc9ca1fc6e36a8598723c0d447439443d07a778f5f03Red Hat Security Advisory 2024-1210-03 - Red Hat OpenShift Container Platform release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements.
81a319a12d033d663dbf89d1e5a34e3dc87a99faa19d798e3932ee097216d824Apple Security Advisory 03-07-2024-2 - macOS Sonoma 14.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.
29c509ba93a9dc40af758aca80410a21c8239c2a3c115bac3d2acd0e1e6deea5Red Hat Security Advisory 2024-1197-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
54cd1ab54bea48b840e3a9f936f00209a01bd7b4397d1cee7bc322c327301916Red Hat Security Advisory 2024-1196-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
2130fbf5d26dc7b366b1c67d35c9f3e8d8f200259ffbb0a2f00c34674ea9fcedRed Hat Security Advisory 2024-1150-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.
3b380d599f1e214465c02c27a990fbb02861e6c1f243873037b7a30d987161dbRed Hat Security Advisory 2024-1130-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
81ece00c1a0fa3af166446b3fac05f48fad824008e773bbee6b4296a6a0afd61Red Hat Security Advisory 2024-0628-03 - An update for libssh is now available for Red Hat Enterprise Linux 8.
de5da48873b00d46c511d533b4f5ac800ab7c91ac818c4e2584b7899e8b81213Red Hat Security Advisory 2024-0625-03 - An update for libssh is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
018cd548988820355474e81032b83f08e31c531ea5f9991fcba5c157634915d3Red Hat Security Advisory 2024-0606-03 - An update for openssh is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
0d25beb100b05b6a8c8a5fdfee0301113431217df46c78cc1f31d355bbf50f2dRed Hat Security Advisory 2024-0594-03 - An update for openssh is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.
894b0a37963313f96fa44fafb400227dc9fa3a99cc7f03e42ca81113473a1362Red Hat Security Advisory 2024-0499-03 - An update for libssh is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
ca24d6289d8a982597d3f2514213879395c4b7716d3efba7cb69afbfd9cf5fe7Red Hat Security Advisory 2024-0455-03 - An update for openssh is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
c5e3227243298a1e3bb59ac48643d3fe6e16b93315e9aa5aff8cb788c2e02d3eRed Hat Security Advisory 2024-0429-03 - An update for openssh is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a code execution vulnerability.
7090a47affc80a0a7550d6e1832cd509f48348953e2a1b4351764fa4597c0803Ubuntu Security Notice 6598-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.
dd8a1a95b3a16c6fe45623db4f26f252a81bb8e5b368cdbaffd76de031b0e0fdUbuntu Security Notice 6589-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information.
8518668a4badaa795ff43751102221732a1799bf651302c95ea7ee967ec088d0Ubuntu Security Notice 6585-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.
d368df4c0d357987893502f341336db0f44b79a83468cb12d62846d219bc5e7bDebian Linux Security Advisory 5601-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
74939800a29d48ded37e9813459aa6b29068a867d2c407034d466d7a7bb36ee5Debian Linux Security Advisory 5600-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
8cfe6e2a5aa62ff4c70ee28350070f1ea5a4506b8305130470d356424e8fe7c6Debian Linux Security Advisory 5599-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
a0c9e4b89d0e004e7f26020948eef0d8e208379ab02cce69468a0e02ce7ea9b2Ubuntu Security Notice 6560-2 - USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.
279f23efe6b36684994928a454f01081c5330f4103d3e9a111b6c5ff07c9a1f6Debian Linux Security Advisory 5591-1 - Several vulnerabilities were discovered in libssh, a tiny C SSH library.
f815049b2837197686b4875cddb418f75a8e54d47afc59fdafc4741b2b0cb015Gentoo Linux Security Advisory 202312-16 - Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to code execution. Versions greater than or equal to 0.10.6 are affected.
475da9d4074fee95dd103c9e4072c2a5bae6c16622c02660f94da00f23ad5f16Gentoo Linux Security Advisory 202312-17 - Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could lead to code execution. Versions greater than or equal to 9.6_p1 are affected.
ba995f8d24608fff3aaab0d0ad90892e7d28d73639eaace76ba4733a544b788c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed