Bug 14311

Summary:	[CVE 21] OpenSSH 9.5 CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Eduard <e.kosachev>
Component:	System (kernel, glibc, systemd, bash, PAM...)	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	critical
Priority:	High	CC:	a.proklov, e.kosachev, pastordidi, s.matveev, v.potapov
Version:	All	Flags:	v.potapov: qa_verified+ e.kosachev: secteam_verified? (e.kosachev) a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
URL:	CVE-2023-51385, CVE-2023-48795, CVE-2023-51384
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Eduard 2024-02-13 13:01:11 MSK

openSSH 9.5
https://nvd.nist.gov/vuln/detail/CVE-2023-51385 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2023-51767 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2023-48795 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2023-51384 MEDIUM

Comment 1 Vladimir Potapov 2024-02-14 10:19:59 MSK

Хай пока никто не исправил, ни дебиан
https://security-tracker.debian.org/tracker/CVE-2023-51767
ни редхат
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
В редхате вообще считают возможность эксплойта нереальной.

Comment 2 Svyatoslav Matveev 2024-02-29 14:58:24 MSK

(In reply to Vladimir Potapov from comment #1)
> Хай пока никто не исправил, ни дебиан
> https://security-tracker.debian.org/tracker/CVE-2023-51767
> ни редхат
> https://bugzilla.mindrot.org/show_bug.cgi?id=3656
> В редхате вообще считают возможность эксплойта нереальной.

********** QA ADVISORY **********

CVE-2023-51767 еще не исправлен.

Остальные уязвимости закрыты обновлением.

*** openssh
**  9.5p1 .. 9.6p1

https://abf.io/build_lists/4995133
https://abf.io/build_lists/4995134
https://abf.io/build_lists/4995135
https://abf.io/build_lists/4995137
https://abf.io/build_lists/4995155

Comment 3 Dmitry Postnikov 2024-03-04 15:59:29 MSK

*********************************
Обновление опубликовано в Тестинг

Comment 4 Vladimir Potapov 2024-03-13 07:12:45 MSK

openssh-9.6p1
https://abf.io/build_lists/4995133
https://abf.io/build_lists/4995134
https://abf.io/build_lists/4995135
https://abf.io/build_lists/4995137
https://abf.io/build_lists/4995155
*********************** Advisory **************************
CVE-2023-51385, CVE-2023-48795, CVE-2023-51384 closed
***********************************************************
QA Verified