Amazon Linux 2023 Security Advisory: ALAS-2024-468
Advisory Release Date: 2024-01-03 23:20 Pacific
Advisory Updated Date: 2024-01-08 21:03 Pacific
Severity:
Medium
Issue Overview:
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update to the latest version of SSH. (CVE-2023-48795)
Affected Packages:
libssh
Issue Correction:
Run dnf update libssh --releasever 2023.3.20240108 to update your system.
New Packages:
aarch64:
libssh-debugsource-0.10.6-1.amzn2023.0.1.aarch64
libssh-debuginfo-0.10.6-1.amzn2023.0.1.aarch64
libssh-0.10.6-1.amzn2023.0.1.aarch64
libssh-devel-0.10.6-1.amzn2023.0.1.aarch64
noarch:
libssh-config-0.10.6-1.amzn2023.0.1.noarch
src:
libssh-0.10.6-1.amzn2023.0.1.src
x86_64:
libssh-debugsource-0.10.6-1.amzn2023.0.1.x86_64
libssh-debuginfo-0.10.6-1.amzn2023.0.1.x86_64
libssh-0.10.6-1.amzn2023.0.1.x86_64
libssh-devel-0.10.6-1.amzn2023.0.1.x86_64