Description:

OpenSSH has released 9.3p2 to fix a vulnerability in various versions of OpenSSH. The details of the security update can be found at:
https://www.openssh.com/txt/release-9.3p2

Affected Systems:

• OpenSSH versions prior to version 9.3p2

Please note that a successful exploitation requires the presence of certain libraries on the victim system and the SSH authentication agent is forwarded to an attacker-controlled system.

Impact:

Successful exploitation of the vulnerability could lead to remote code execution on an affected system.

Recommendation:

Software updates for affected systems is now available. Users of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk.

More Information:

• https://www.openssh.com/txt/release-9.3p2
• https://www.hkcert.org/security-bulletin/openssh-remote-code-execution-vulnerability_20230725
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408