CVE-2023-38408 - Openssh vulnerability

Neša · Jul 27, 2023, 06:53 PM

A new vulnerability in OpenSSH versions that are below 9.32_p2, there is no back port to redhat/rocky/alma.
This redhat link has ways of mitigating the risk.
https://access.redhat.com/security/cve/CVE-2023-38408

Bigguy · Jul 27, 2023, 07:54 PM

Good post for those that need it.

Skhilled · Jul 28, 2023, 06:21 PM

Thanks, Nesa!

Bigguy · Jul 28, 2023, 06:25 PM

Changed the icon on the first post.

Neša · Aug 13, 2023, 08:31 PM

Quote from: Bigguy on Jul 28, 2023, 06:25 PMChanged the icon on the first post.

Thanks.

I should have posted earlier Red Hat and all the down stream (Rocky, Alma) have a back port patch please update your servers if you haven't already.

Skhilled · Aug 14, 2023, 05:55 PM

Ah! That may have been the Easyapache updates I saw about 2 days ago. I updated the server then. I no long run the server but still have access to it.

Neša · Aug 14, 2023, 08:01 PM

Quote from: Skhilled on Aug 14, 2023, 05:55 PMAh! That may have been the Easyapache updates I saw about 2 days ago. I updated the server then. I no long run the server but still have access to it.

It should have been an opnessh update, you can check the changelog to see if you have the update.

Code Select

rpm -q openssh --changelog | grep CVE-2023-38408if you have the installed update you should see text like this.
You cannot view this attachment.

If you don't get that text you'll need to upgrade openssh.

Skhilled · Aug 15, 2023, 05:44 PM

Yes, it's updated.

QUICK NEWS

Internal Links

SMF Sites

CVE-2023-38408 - Openssh vulnerability

Neša

Bigguy

Skhilled

Bigguy

Neša

Skhilled

Neša

Skhilled