Launchpad.net

CVE 2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

Related bugs and status

CVE-2023-51384 (Candidate) is related to these bugs:

Bug #2040406: Merge openssh from Debian unstable for noble

Summary				In	Importance	Status
	2040406	Merge openssh from Debian unstable for noble		openssh (Ubuntu)	Undecided	Fix Released

Bug #2047082: upgrading openssh-server always shows error: rescue-ssh.target is a disabled or a static unit not running, not starting it.

Summary				In	Importance	Status
	2047082	upgrading openssh-server always shows error: rescue-ssh.target is a disabled or a static unit not running, not starting it.		openssh (Ubuntu)	Low	Fix Released

Bug #2047315: [Debian] Critical CVE: CVE-2023-51384/CVE-2023-28531/CVE-2023-48795/CVE-2023-51385/CVE-2021-41617 openssh : multiple CVEs

Summary				In	Importance	Status
	2047315	[Debian] Critical CVE: CVE-2023-51384/CVE-2023-28531/CVE-2023-48795/CVE-2023-51385/CVE-2021-41617 openssh : multiple CVEs		StarlingX	High	Fix Released

Bug #2049552: [noble] ftbfs with new zlib 1.3

Summary				In	Importance	Status
	2049552	[noble] ftbfs with new zlib 1.3		openssh (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-51384

Related bugs and status

Related bugs

References