Contributed by grey on from the It's Wednesday, but you should still patch this now. dept.
"We've just made an OpenSSH release to fix a remotely exploitable RCE vulnerability in ssh-agent's PKCS#11 support (CVE-2023-38408). Details at https://openssh.com/releasenotes.html#9.3p2
Thanks to the Qualys Security Advisory Team for finding and reporting this bug."
This appears to impact every version of OpenSSH's ssh-agent from 5.5 onwards.
(Comments are closed)