USN-6242-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
Frequently Asked Questions
What is the vulnerability ID for this OpenSSH vulnerability?
The vulnerability ID for this OpenSSH vulnerability is USN-6242-1.
What is the description of the OpenSSH vulnerability?
OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwards their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
How does the OpenSSH vulnerability affect Ubuntu 23.04?
Ubuntu 23.04 is affected by the OpenSSH vulnerability if OpenSSH client version 1:9.0p1-1ubuntu8.4 or earlier is installed.
How does the OpenSSH vulnerability affect Ubuntu 22.04?
Ubuntu 22.04 is affected by the OpenSSH vulnerability if OpenSSH client version 1:8.9p1-3ubuntu0.3 or earlier is installed.
How does the OpenSSH vulnerability affect Ubuntu 20.04?
Ubuntu 20.04 is affected by the OpenSSH vulnerability if OpenSSH client version 1:8.2p1-4ubuntu0.8 or earlier is installed.
How can I fix the OpenSSH vulnerability?
To fix the OpenSSH vulnerability, update the OpenSSH client package to version 1:9.0p1-1ubuntu8.4 or later for Ubuntu 23.04, version 1:8.9p1-3ubuntu0.3 or later for Ubuntu 22.04, and version 1:8.2p1-4ubuntu0.8 or later for Ubuntu 20.04.