Vulmon
Amazon Linux 1 Security Advisory: ALAS-2023-1898
Advisory Release Date: 2023-12-18 17:49 Pacific
Advisory Updated Date: 2023-12-18 17:49 Pacific
Severity:
Medium
Issue Overview:
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest version of SSH. (CVE-2023-48795)
Affected Packages:
openssh
Issue Correction:
Run yum update openssh to update your system.
New Packages:
i686:
openssh-cavs-7.4p1-22.81.amzn1.i686
openssh-ldap-7.4p1-22.81.amzn1.i686
openssh-server-7.4p1-22.81.amzn1.i686
pam_ssh_agent_auth-0.10.3-2.22.81.amzn1.i686
openssh-clients-7.4p1-22.81.amzn1.i686
openssh-7.4p1-22.81.amzn1.i686
openssh-debuginfo-7.4p1-22.81.amzn1.i686
openssh-keycat-7.4p1-22.81.amzn1.i686
src:
openssh-7.4p1-22.81.amzn1.src
x86_64:
pam_ssh_agent_auth-0.10.3-2.22.81.amzn1.x86_64
openssh-debuginfo-7.4p1-22.81.amzn1.x86_64
openssh-cavs-7.4p1-22.81.amzn1.x86_64
openssh-keycat-7.4p1-22.81.amzn1.x86_64
openssh-7.4p1-22.81.amzn1.x86_64
openssh-clients-7.4p1-22.81.amzn1.x86_64
openssh-ldap-7.4p1-22.81.amzn1.x86_64
openssh-server-7.4p1-22.81.amzn1.x86_64