openssh-9.6p1-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13842 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z openssh-9.6p1-3.1 on GA media These are all security issues fixed in the openssh-9.6p1-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13842 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13842 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-28041/ SUSE CVE CVE-2021-28041 page https://www.suse.com/security/cve/CVE-2021-41617/ SUSE CVE CVE-2021-41617 page openSUSE Tumbleweed openssh-9.6p1-3.1 openssh-cavs-9.6p1-3.1 openssh-clients-9.6p1-3.1 openssh-common-9.6p1-3.1 openssh-fips-9.6p1-3.1 openssh-helpers-9.6p1-3.1 openssh-server-9.6p1-3.1 openssh-server-config-rootlogin-9.6p1-3.1 openssh-9.6p1-3.1 as a component of openSUSE Tumbleweed openssh-cavs-9.6p1-3.1 as a component of openSUSE Tumbleweed openssh-clients-9.6p1-3.1 as a component of openSUSE Tumbleweed openssh-common-9.6p1-3.1 as a component of openSUSE Tumbleweed openssh-fips-9.6p1-3.1 as a component of openSUSE Tumbleweed openssh-helpers-9.6p1-3.1 as a component of openSUSE Tumbleweed openssh-server-9.6p1-3.1 as a component of openSUSE Tumbleweed openssh-server-config-rootlogin-9.6p1-3.1 as a component of openSUSE Tumbleweed ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. CVE-2021-28041 openSUSE Tumbleweed:openssh-9.6p1-3.1 openSUSE Tumbleweed:openssh-cavs-9.6p1-3.1 openSUSE Tumbleweed:openssh-clients-9.6p1-3.1 openSUSE Tumbleweed:openssh-common-9.6p1-3.1 openSUSE Tumbleweed:openssh-fips-9.6p1-3.1 openSUSE Tumbleweed:openssh-helpers-9.6p1-3.1 openSUSE Tumbleweed:openssh-server-9.6p1-3.1 openSUSE Tumbleweed:openssh-server-config-rootlogin-9.6p1-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-28041.html CVE-2021-28041 https://bugzilla.suse.com/1183137 SUSE Bug 1183137 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. CVE-2021-41617 openSUSE Tumbleweed:openssh-9.6p1-3.1 openSUSE Tumbleweed:openssh-cavs-9.6p1-3.1 openSUSE Tumbleweed:openssh-clients-9.6p1-3.1 openSUSE Tumbleweed:openssh-common-9.6p1-3.1 openSUSE Tumbleweed:openssh-fips-9.6p1-3.1 openSUSE Tumbleweed:openssh-helpers-9.6p1-3.1 openSUSE Tumbleweed:openssh-server-9.6p1-3.1 openSUSE Tumbleweed:openssh-server-config-rootlogin-9.6p1-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-41617.html CVE-2021-41617 https://bugzilla.suse.com/1190975 SUSE Bug 1190975 https://bugzilla.suse.com/1193497 SUSE Bug 1193497 https://bugzilla.suse.com/1196721 SUSE Bug 1196721 https://bugzilla.suse.com/1200782 SUSE Bug 1200782 https://bugzilla.suse.com/1205056 SUSE Bug 1205056 https://bugzilla.suse.com/1212247 SUSE Bug 1212247 https://bugzilla.suse.com/1212281 SUSE Bug 1212281