ALAS-2023-1898


Amazon Linux 1 Security Advisory: ALAS-2023-1898
Advisory Release Date: 2023-12-18 09:20 Pacific
Advisory Updated Date: 2023-12-19 14:20 Pacific
Severity: Medium

Issue Overview:

AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update to the latest version of SSH. (CVE-2023-48795)


Affected Packages:

openssh


Issue Correction:
Run yum update openssh to update your system.

New Packages:
i686:
    openssh-cavs-7.4p1-22.81.amzn1.i686
    openssh-ldap-7.4p1-22.81.amzn1.i686
    openssh-server-7.4p1-22.81.amzn1.i686
    pam_ssh_agent_auth-0.10.3-2.22.81.amzn1.i686
    openssh-clients-7.4p1-22.81.amzn1.i686
    openssh-7.4p1-22.81.amzn1.i686
    openssh-debuginfo-7.4p1-22.81.amzn1.i686
    openssh-keycat-7.4p1-22.81.amzn1.i686

src:
    openssh-7.4p1-22.81.amzn1.src

x86_64:
    pam_ssh_agent_auth-0.10.3-2.22.81.amzn1.x86_64
    openssh-debuginfo-7.4p1-22.81.amzn1.x86_64
    openssh-cavs-7.4p1-22.81.amzn1.x86_64
    openssh-keycat-7.4p1-22.81.amzn1.x86_64
    openssh-7.4p1-22.81.amzn1.x86_64
    openssh-clients-7.4p1-22.81.amzn1.x86_64
    openssh-ldap-7.4p1-22.81.amzn1.x86_64
    openssh-server-7.4p1-22.81.amzn1.x86_64