SUSE Package Hub - openSUSE-2024-36

Update Info

openSUSE-2024-36

Security update for tinyssh

Type: security

Severity: moderate

Issued: 2024-01-31

Description:

This update for tinyssh fixes the following issues:

tinyssh was updated to 20240101 (boo#1218197, CVE-2023-48795):

  * fixed channel_forkpty() race condition between close(slave)
    in parent process and login_tty(slave) in child process
  * fixed behavior when using terminal mode and stdin redirected
    to /dev/null 'ssh -tt -n'
  * added an 'strict-key' key exchange kex-strict-
    s-v00@openssh.com (Mitigates CVE-2023-48795 "Terrapin
    attack")

References

CVE: CVE-2023-48795
Bugzilla: 1218197 VUL-0: CVE-2023-48795: tinyssh: prefix truncation breaking ssh channel integrity aka Terrapin Attack

Packages

tinyssh-20240101-bp155.2.3.1