Two Critical OpenSSH Vulnerabilities Fixed


Rohan Timalsina

September 12, 2023 - TuxCare expert team

Two critical security vulnerabilities that allow remote code execution (RCE) were recently addressed in OpenSSH. They are identified as CVE-2023-28531 and CVE-2023-38408, and both have received a base score of 9.8 ("Critical") from the National Vulnerability Database.

These flaws can be easily exploited in RCE attacks, leading to the execution of malicious software or complete control of an impacted system by an attacker. Therefore, it is of utmost importance that all users impacted by these vulnerabilities promptly update their OpenSSH installations to the latest version.


Keep Your System Safe from These OpenSSH Vulnerabilities

Fortunately, the OpenSSH team has already fixed these vulnerabilities in the newer OpenSSH versions, OpenSSH 9.3p1 and 9.3p2. The latest version available is OpenSSH 9.4, released on August 10, 2023. It contains a number of bug fixes and small new features. To keep your system safe, update OpenSSH to the current version as soon as possible. The new OpenSSH updates are available for Linux distributions including Debian, Red Hat, Rocky Linux, AlmaLinux, and Ubuntu.

For detailed changes on OpenSSH 9.4, head over to the release notes.
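To triage hosts against the fixed releases named above, the following added example (not code from the article or the OpenSSH project) parses an OpenSSH version banner and compares it with 9.3p2, the later of the two. The function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSH banner against 9.3p2, the later of the
# two fixed releases named in the article. Function names are hypothetical.

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print "major minor patch" for a banner such as "OpenSSH_9.3p1 Ubuntu-...".
parse_openssh_version() {
    case "$1" in *OpenSSH_[0-9]*) ;; *) return 1 ;; esac
    v=${1#*OpenSSH_}      # drop everything up to and including the prefix
    v=${v%%[!0-9.p]*}     # keep the leading version token, e.g. "9.3p1"
    case "$v" in *.*) ;; *) return 1 ;; esac
    major=${v%%.*}
    rest=${v#*.}
    case "$rest" in
        *p*) minor=${rest%%p*}; patch=${rest#*p} ;;
        *)   minor=$rest; patch=0 ;;   # no portable suffix: treat as p0
    esac
    is_num "$major" && is_num "$minor" && is_num "$patch" || return 1
    echo "$major $minor $patch"
}

# Echo "current" at or above 9.3p2, "needs-review" below it, else "unknown".
classify_openssh() {
    parsed=$(parse_openssh_version "$1") || { echo unknown; return 0; }
    set -- $parsed
    if [ "$1" -gt 9 ] ||
       { [ "$1" -eq 9 ] && [ "$2" -gt 3 ]; } ||
       { [ "$1" -eq 9 ] && [ "$2" -eq 3 ] && [ "$3" -ge 2 ]; }; then
        echo current
    else
        # Distributions backport fixes without changing the upstream version,
        # so an older banner means "check the vendor advisory", not "unpatched".
        echo needs-review
    fi
}

# Constructed sample banners; on a real host use: classify_openssh "$(ssh -V 2>&1)"
for b in "OpenSSH_9.4p1, OpenSSL 3.1.2" "OpenSSH_9.3p1 Ubuntu-1ubuntu3" \
         "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3" "dropbear_2022.83"; do
    printf '%-45s %s\n' "$b" "$(classify_openssh "$b")"
done
```

A `needs-review` result on a distribution package should be resolved against the vendor's security advisory for that package, since the upstream version string alone does not show backported patches.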


Security Patches for Your End-of-Life OS

TuxCare’s Extended Lifecycle Support offers automated vulnerability patches for your end-of-life system for up to 4 years, including CentOS 6, CentOS 7, CentOS 8, Oracle Linux 6, Ubuntu 16.04, and Ubuntu 18.04. It provides security patches for the Linux kernel and common shared libraries like glibc, openssh, openssl, and zlib.

TuxCare regularly monitors critical Linux kernel vulnerabilities and security issues associated with the operating systems included in your Extended Lifecycle Support program. We promptly issue patches for both security threats and routine maintenance matters as soon as they are finalized and thoroughly tested.

Speak to a TuxCare expert if you have a particular use case for a distribution that is not yet supported, and we will see if we can keep your unique systems operating smoothly and safely.


The sources for this article include a story from LinuxSecurity.
