This update for gd fixes the following issues: - CVE-2021-40812: Fixed out-of-bounds read caused by the lack of certain gdGetBuf and gdPutBuf return value checks.
[7.4p1-23.0.1] - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation [Orabug: 30448895] [7.4p1-23 + 0.10.3-2] - Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent with an empty PKCS#11/FIDO allowlist or by configuring an allowlist that contains only specific provider libraries. NOTE: this ...
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ...