Two Critical OpenSSH Vulnerabilities Fixed

by Rohan Timalsina

September 12, 2023 - TuxCare expert team

Two critical security vulnerabilities that allow remote code execution (RCE) were recently addressed in OpenSSH. They are identified as CVE-2023-28531 and CVE-2023-38408, and both received a base score of 9.8 (“Critical” severity) from the National Vulnerability Database.

These flaws can be easily exploited in RCE attacks, leading to the execution of malicious software or complete control of an impacted system by an attacker. Therefore, it is of utmost importance that all users impacted by these vulnerabilities promptly update their OpenSSH installations to the latest version.

 

Keep Your System Safe from These OpenSSH Vulnerabilities

Fortunately, the OpenSSH team has already fixed these vulnerabilities in the newer OpenSSH versions 9.3p1 and 9.3p2. The latest version available is OpenSSH 9.4, released on August 10, 2023, which contains a number of bug fixes and small new features. To keep your system safe, you must update OpenSSH to the current version as soon as possible. Updated OpenSSH packages are available for Linux distributions including Debian, Red Hat, Rocky Linux, AlmaLinux, and Ubuntu.

For detailed changes on OpenSSH 9.4, head over to the release notes.
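As a first triage step before updating, the version banner printed by `ssh -V` can be compared against the fixed releases named above. The script below is an added example, not code from the article or from the OpenSSH project; the function name `openssh_fix_level` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `ssh -V` banner against the two fixed releases
# the article names (9.3p1 and 9.3p2). Function name is hypothetical.
# Caveat: distribution packages often backport fixes without changing the
# upstream version string, so "below-9.3p1" means "check the distro advisory",
# not proof that the host is exposed.

# Prints one of: below-9.3p1 | 9.3p1-not-9.3p2 | 9.3p2-or-later | unknown
openssh_fix_level() {
    v=${1#*OpenSSH_}                 # drop everything up to the version
    [ "$v" != "$1" ] || { echo unknown; return 0; }
    v=${v%%[!0-9.p]*}                # keep only the version, e.g. "9.3p2"
    case "$v" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%p*}
    # Banners without a pN suffix are treated as patch level 0.
    case "$rest" in *p*) patch=${rest#*p} ;; *) patch=0 ;; esac
    # Reject anything that is not purely numeric (e.g. "9.3.1").
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -lt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -lt 3 ]; }; then
        echo below-9.3p1
    elif [ "$major" -eq 9 ] && [ "$minor" -eq 3 ] && [ "$patch" -lt 2 ]; then
        echo 9.3p1-not-9.3p2
    else
        echo 9.3p2-or-later
    fi
}

# Constructed sample banners. On a real host, `ssh -V` writes to stderr:
#   openssh_fix_level "$(ssh -V 2>&1)"
for b in 'OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022' \
         'OpenSSH_9.3p1, OpenSSL 3.1.0 14 Mar 2023' \
         'OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023'; do
    printf '%s -> %s\n' "${b%%,*}" "$(openssh_fix_level "$b")"
done
```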

 

Security Patches for Your End-of-Life OS

TuxCare’s Extended Lifecycle Support offers automated vulnerability patches for your end-of-life system for up to 4 years, including CentOS 6, CentOS 7, CentOS 8, Oracle Linux 6, Ubuntu 16.04, and Ubuntu 18.04. It provides security patches for the Linux kernel as well as common shared libraries like glibc, openssh, openssl, and zlib.

TuxCare regularly monitors critical Linux kernel vulnerabilities and security issues associated with the operating systems included in your Extended Lifecycle Support program. We promptly issue patches for both security threats and routine maintenance matters as soon as they are finalized and thoroughly tested.

Speak to a TuxCare expert if you have a particular use case for a distribution that is not yet supported, and we will see if we can keep your unique systems operating smoothly and safely.

 

The sources for this article include a story from LinuxSecurity.
