Vulnerability CVE-2023-51384: Information
Description
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openquantumsafe-openssh | sisyphus | 8.9p1.202310-alt2 | 8.9p1.202310-alt2 | ALT-PU-2024-1046-5 | 337714 | Fixed |
openquantumsafe-openssh | p11 | 8.9p1.202310-alt2 | 8.9p1.202310-alt2 | ALT-PU-2024-1046-5 | 337714 | Fixed |
openssh | sisyphus | 9.6p1-alt1 | 9.6p1-alt1 | ALT-PU-2024-1364-1 | 338324 | Fixed |
openssh | sisyphus_riscv64 | 9.6p1-alt1 | 9.6p1-alt1 | ALT-PU-2024-2944-1 | - | Fixed |
openssh | sisyphus_loongarch64 | 9.6p1-alt1 | 9.6p1-alt1 | ALT-PU-2024-1503-1 | - | Fixed |
openssh | p11 | 9.6p1-alt1 | 9.6p1-alt1 | ALT-PU-2024-1364-1 | 338324 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.openssh.com/txt/release-9.6 | |
https://www.openwall.com/lists/oss-security/2023/12/18/2 | |
https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b | |
DSA-5586 | |
https://security.netapp.com/advisory/ntap-20240105-0005/ | |
https://support.apple.com/kb/HT214084 | |
20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4 | |