ALAS-2023-2376

AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest version of SSH. (CVE-2023-48795)

aarch64:
    openssh-7.4p1-22.amzn2.0.6.aarch64
    openssh-clients-7.4p1-22.amzn2.0.6.aarch64
    openssh-server-7.4p1-22.amzn2.0.6.aarch64
    openssh-server-sysvinit-7.4p1-22.amzn2.0.6.aarch64
    openssh-ldap-7.4p1-22.amzn2.0.6.aarch64
    openssh-keycat-7.4p1-22.amzn2.0.6.aarch64
    openssh-askpass-7.4p1-22.amzn2.0.6.aarch64
    openssh-cavs-7.4p1-22.amzn2.0.6.aarch64
    pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.6.aarch64
    openssh-debuginfo-7.4p1-22.amzn2.0.6.aarch64

i686:
    openssh-7.4p1-22.amzn2.0.6.i686
    openssh-clients-7.4p1-22.amzn2.0.6.i686
    openssh-server-7.4p1-22.amzn2.0.6.i686
    openssh-server-sysvinit-7.4p1-22.amzn2.0.6.i686
    openssh-ldap-7.4p1-22.amzn2.0.6.i686
    openssh-keycat-7.4p1-22.amzn2.0.6.i686
    openssh-askpass-7.4p1-22.amzn2.0.6.i686
    openssh-cavs-7.4p1-22.amzn2.0.6.i686
    pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.6.i686
    openssh-debuginfo-7.4p1-22.amzn2.0.6.i686

src:
    openssh-7.4p1-22.amzn2.0.6.src

x86_64:
    openssh-7.4p1-22.amzn2.0.6.x86_64
    openssh-clients-7.4p1-22.amzn2.0.6.x86_64
    openssh-server-7.4p1-22.amzn2.0.6.x86_64
    openssh-server-sysvinit-7.4p1-22.amzn2.0.6.x86_64
    openssh-ldap-7.4p1-22.amzn2.0.6.x86_64
    openssh-keycat-7.4p1-22.amzn2.0.6.x86_64
    openssh-askpass-7.4p1-22.amzn2.0.6.x86_64
    openssh-cavs-7.4p1-22.amzn2.0.6.x86_64
    pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.6.x86_64
    openssh-debuginfo-7.4p1-22.amzn2.0.6.x86_64