rpm package
suse/openssh&distro=SUSE Linux Enterprise Module for Server Applications 15 SP3
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41617 | Hig | 7.0 | < 8.4p1-3.6.1 | 8.4p1-3.6.1 | Sep 26, 2021 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges | |
| CVE-2021-28041 | — | < 8.4p1-3.9.1 | 8.4p1-3.9.1 | Mar 5, 2021 | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. |
- affected < 8.4p1-3.6.1fixed 8.4p1-3.6.1
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges
- CVE-2021-28041Mar 5, 2021affected < 8.4p1-3.9.1fixed 8.4p1-3.9.1
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.