Overview

File _patchinfo of Package patchinfo.18280

<patchinfo incident="18280">
  <issue tracker="bnc" id="1218197">VUL-0: CVE-2023-48795: tinyssh: prefix truncation breaking ssh channel integrity aka Terrapin Attack</issue>
  <issue tracker="cve" id="2023-48795"/>
  <packager>dirkmueller</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for tinyssh</summary>
  <description>This update for tinyssh fixes the following issues:

tinyssh was updated to 20240101 (boo#1218197, CVE-2023-48795):

  * fixed channel_forkpty() race condition between close(slave)
    in parent process and login_tty(slave) in child process
  * fixed behavior when using terminal mode and stdin redirected
    to /dev/null 'ssh -tt -n'
  * added an 'strict-key' key exchange kex-strict-
    s-v00@openssh.com (Mitigates CVE-2023-48795 "Terrapin
    attack")
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places