openssh-9.6p1-1.fc40.4
Backport fix for CVE-2024-6387 (rhbz#2294879)
Backport fix for ObscureKeystrokeTiming logic error from OpenSSH 9.8
openssh-9.3p1-11.fc39
Backport fix for CVE-2024-6387 (rhbz#2294879)
A vulnerability has been discovered in OpenSSH, which could allow for remote code execution. OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It is widely used in enterprise environments for remote server management, secure file transfers, and various DevOps practices. Successful exploitation of this vulnerability could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
It was discovered that OpenSSH incorrectly handled signal management. A
remote attacker could use this issue to bypass authentication and remotely
access systems without proper credentials.
It was discovered that eSpeak NG did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause a denial
of service, or execute arbitrary code. (CVE-2023-49990, CVE-2023-49991,
CVE-2023-49992, CVE-2023-49993, CVE-2023-49994)
