StarlingX

[Debian] Critical CVE: CVE-2023-38408 openssh: an insufficiently trustworthy search path

Bug #2038794 reported by Yue Tao
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
hqbai

Bug Description

CVE-2023-38408: https://nvd.nist.gov/vuln/detail/CVE-2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Base Score: Critical

Reference:

['openssh-client_1:8.4p1-5_amd64.deb===>openssh-client_1:8.4p1-5+deb11u2_amd64.deb', 'openssh-server_1:8.4p1-5_amd64.deb===>openssh-server_1:8.4p1-5+deb11u2_amd64.deb', 'openssh-sftp-server_1:8.4p1-5_amd64.deb===>openssh-sftp-server_1:8.4p1-5+deb11u2_amd64.deb']

CVE References

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/899015

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/899015
Committed: https://opendev.org/starlingx/tools/commit/51862d7b7e37de0fef89f47c1e59b0c48e5b9d0f
Submitter: "Zuul (22348)"
Branch: master

commit 51862d7b7e37de0fef89f47c1e59b0c48e5b9d0f
Author: Haiqing Bai <email address hidden>
Date: Sun Oct 22 22:20:17 2023 -0700

    Debian: openssh: fix CVE-2023-38408

    Upgraded openssh-client to openssh-client_1:8.4p1-5+deb11u2_amd64.deb
    Upgraded openssh-server to openssh-server_1:8.4p1-5+deb11u2_amd64.deb
    Upgraded openssh-sftp-server to openssh-sftp-server_1:8.4p1-5+deb11u2_amd64.deb

    Refer to:
    https://security-tracker.debian.org/tracker/CVE-2023-38408

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2038794

    Change-Id: I556f3e1f1270319bedff6988ee4b6921c4002513
    Signed-off-by: Haiqing Bai <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → hqbai (hbai)
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.