AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update to the latest version of SSH.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2023 | libssh | 2024-01-03 23:20 | ALAS2023-2024-468 |
Amazon Linux 1 | openssh | 2023-12-18 09:20 | ALAS-2023-1898 |
Amazon Linux 2 - Core | openssh | 2023-12-18 09:20 | ALAS2-2023-2376 |
Amazon Linux 2023 | openssh | 2023-12-18 09:20 | ALAS2023-2023-462 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
NVD | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |