ALAS2-2022-1748

Amazon Linux 2 Security Advisory: ALAS-2022-1748
Advisory Release Date: 2022-02-03 19:30 Pacific
Advisory Updated Date: 2022-02-09 22:05 Pacific
Severity: Medium
Issue Overview:

A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privileges, potentially leading to local privilege escalation. (CVE-2021-41617)


Affected Packages:

openssh


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update openssh to update your system.

New Packages:
aarch64:
    openssh-7.4p1-22.amzn2.0.1.aarch64
    openssh-clients-7.4p1-22.amzn2.0.1.aarch64
    openssh-server-7.4p1-22.amzn2.0.1.aarch64
    openssh-server-sysvinit-7.4p1-22.amzn2.0.1.aarch64
    openssh-ldap-7.4p1-22.amzn2.0.1.aarch64
    openssh-keycat-7.4p1-22.amzn2.0.1.aarch64
    openssh-askpass-7.4p1-22.amzn2.0.1.aarch64
    openssh-cavs-7.4p1-22.amzn2.0.1.aarch64
    pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.1.aarch64
    openssh-debuginfo-7.4p1-22.amzn2.0.1.aarch64

i686:
    openssh-7.4p1-22.amzn2.0.1.i686
    openssh-clients-7.4p1-22.amzn2.0.1.i686
    openssh-server-7.4p1-22.amzn2.0.1.i686
    openssh-server-sysvinit-7.4p1-22.amzn2.0.1.i686
    openssh-ldap-7.4p1-22.amzn2.0.1.i686
    openssh-keycat-7.4p1-22.amzn2.0.1.i686
    openssh-askpass-7.4p1-22.amzn2.0.1.i686
    openssh-cavs-7.4p1-22.amzn2.0.1.i686
    pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.1.i686
    openssh-debuginfo-7.4p1-22.amzn2.0.1.i686

src:
    openssh-7.4p1-22.amzn2.0.1.src

x86_64:
    openssh-7.4p1-22.amzn2.0.1.x86_64
    openssh-clients-7.4p1-22.amzn2.0.1.x86_64
    openssh-server-7.4p1-22.amzn2.0.1.x86_64
    openssh-server-sysvinit-7.4p1-22.amzn2.0.1.x86_64
    openssh-ldap-7.4p1-22.amzn2.0.1.x86_64
    openssh-keycat-7.4p1-22.amzn2.0.1.x86_64
    openssh-askpass-7.4p1-22.amzn2.0.1.x86_64
    openssh-cavs-7.4p1-22.amzn2.0.1.x86_64
    pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.1.x86_64
    openssh-debuginfo-7.4p1-22.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2021-41617

Mitre: CVE-2021-41617