Amazon Linux 2023 Security Advisory: ALAS-2023-462
Advisory Release Date: 2023-12-18 09:20 Pacific
Advisory Updated Date: 2023-12-19 14:20 Pacific
Severity:
Medium
Issue Overview:
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update to the latest version of SSH. (CVE-2023-48795)
Affected Packages:
openssh
Issue Correction:
Run dnf update openssh --releasever 2023.3.20231218 to update your system.
New Packages:
aarch64:
openssh-clients-debuginfo-8.7p1-8.amzn2023.0.9.aarch64
pam_ssh_agent_auth-debuginfo-0.10.4-4.8.amzn2023.0.9.aarch64
openssh-server-8.7p1-8.amzn2023.0.9.aarch64
openssh-debuginfo-8.7p1-8.amzn2023.0.9.aarch64
openssh-keycat-debuginfo-8.7p1-8.amzn2023.0.9.aarch64
pam_ssh_agent_auth-0.10.4-4.8.amzn2023.0.9.aarch64
openssh-server-debuginfo-8.7p1-8.amzn2023.0.9.aarch64
openssh-keycat-8.7p1-8.amzn2023.0.9.aarch64
openssh-8.7p1-8.amzn2023.0.9.aarch64
openssh-clients-8.7p1-8.amzn2023.0.9.aarch64
openssh-debugsource-8.7p1-8.amzn2023.0.9.aarch64
src:
openssh-8.7p1-8.amzn2023.0.9.src
x86_64:
openssh-clients-debuginfo-8.7p1-8.amzn2023.0.9.x86_64
openssh-server-8.7p1-8.amzn2023.0.9.x86_64
openssh-keycat-debuginfo-8.7p1-8.amzn2023.0.9.x86_64
openssh-server-debuginfo-8.7p1-8.amzn2023.0.9.x86_64
openssh-keycat-8.7p1-8.amzn2023.0.9.x86_64
pam_ssh_agent_auth-0.10.4-4.8.amzn2023.0.9.x86_64
openssh-8.7p1-8.amzn2023.0.9.x86_64
pam_ssh_agent_auth-debuginfo-0.10.4-4.8.amzn2023.0.9.x86_64
openssh-debuginfo-8.7p1-8.amzn2023.0.9.x86_64
openssh-clients-8.7p1-8.amzn2023.0.9.x86_64
openssh-debugsource-8.7p1-8.amzn2023.0.9.x86_64