{"schema_version":"1.7.2","id":"OESA-2023-1975","modified":"2023-12-29T11:06:35Z","published":"2023-12-29T11:06:35Z","upstream":["CVE-2023-51385"],"summary":"openssh security update","details":"OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \\ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \\ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \\ capabilities, several authentication methods, and sophisticated configuration options.\r\n\r\nSecurity Fix(es):\r\n\r\nIn ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.(CVE-2023-51385)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"openssh","purl":"pkg:rpm/openEuler/openssh\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2p1-28.oe1"}]}],"ecosystem_specific":{"aarch64":["pam_ssh_agent_auth-0.10.3-9.28.oe1.aarch64.rpm","openssh-keycat-8.2p1-28.oe1.aarch64.rpm","openssh-askpass-8.2p1-28.oe1.aarch64.rpm","openssh-ldap-8.2p1-28.oe1.aarch64.rpm","openssh-debugsource-8.2p1-28.oe1.aarch64.rpm","openssh-clients-8.2p1-28.oe1.aarch64.rpm","openssh-8.2p1-28.oe1.aarch64.rpm","openssh-server-8.2p1-28.oe1.aarch64.rpm","openssh-cavs-8.2p1-28.oe1.aarch64.rpm","openssh-debuginfo-8.2p1-28.oe1.aarch64.rpm"],"noarch":["openssh-help-8.2p1-28.oe1.noarch.rpm"],"src":["openssh-8.2p1-28.oe1.src.rpm"],"x86_64":["openssh-8.2p1-28.oe1.x86_64.rpm","openssh-ldap-8.2p1-28.oe1.x86_64.rpm","openssh-debugsource-8.2p1-28.oe1.x86_64.rpm","openssh-askpass-8.2p1-28.oe1.x86_64.rpm","openssh-cavs-8.2p1-28.oe1.x86_64.rpm","openssh-clients-8.2p1-28.oe1.x86_64.rpm","openssh-server-8.2p1-28.oe1.x86_64.rpm","openssh-keycat-8.2p1-28.oe1.x86_64.rpm","pam_ssh_agent_auth-0.10.3-9.28.oe1.x86_64.rpm","openssh-debuginfo-8.2p1-28.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1975"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51385"}],"database_specific":{"severity":"Critical"}}