CLSA-2024-1707420183
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707420183.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2024-1707420183
- Upstream
- Published
- 2024-02-08T19:23:05Z
- Modified
- 2026-06-04T09:47:24.271692790Z
- Summary
- Fix CVE(s): CVE-2023-48795
- Details
-
- SECURITY UPDATE: it's possible to remove the initial messages on the
secure channel without causing a MAC failure
- debian/patches/CVE-2023-48795.patch: implement "strict key exchange" in ssh and sshd
- CVE-2023-48795
- SECURITY UPDATE: it's possible to remove the initial messages on the
secure channel without causing a MAC failure
- References
Affected packages
TuxCare:Ubuntu:18.04 / openssh-client
Package
- Name
- openssh-client
- Purl
- pkg:deb/tuxcare/openssh-client?distro=ubuntu-18.04
TuxCare:Ubuntu:18.04 / openssh-server
Package
- Name
- openssh-server
- Purl
- pkg:deb/tuxcare/openssh-server?distro=ubuntu-18.04
TuxCare:Ubuntu:18.04 / openssh-sftp-server
Package
- Name
- openssh-sftp-server
- Purl
- pkg:deb/tuxcare/openssh-sftp-server?distro=ubuntu-18.04
TuxCare:Ubuntu:18.04 / ssh
Package
- Name
- ssh
- Purl
- pkg:deb/tuxcare/ssh?distro=ubuntu-18.04