Plesk for Linux
kb: technical
Applicable to:
- Plesk for Linux
Situation
- Vulnerability CVE-2023-51385 has been discovered in the openssh-server package on Ubuntu/Debian servers.
Impact
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
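A defensive check for the submodule case described above, added here as an example and not taken from Plesk or OpenSSH: it flags `.gitmodules` URLs whose ssh user name or host name contains shell metacharacters. The function names, the metacharacter set and the sample file are assumptions constructed for illustration.

```python
import re

# Characters a POSIX shell treats specially; valid user and host names need none.
SHELL_META = re.compile(r"[`$;&|<>(){}\[\]!*?'\"\\\s#~]")
SECTION = re.compile(r'^\s*\[submodule\s+"(?P<name>.*)"\]\s*$')
URL_KEY = re.compile(r"^\s*url\s*=\s*(?P<url>.*?)\s*$")
SSH_URL = re.compile(r"^(?:ssh|git\+ssh)://(?P<auth>[^/]*)", re.I)
SCP_URL = re.compile(r"^(?P<auth>[^/:]+):")  # scp-style user@host:path

# Constructed sample .gitmodules (hypothetical names, path lines omitted).
SAMPLE = """\
[submodule "docs"]
    url = https://git.example.invalid/team/docs.git
[submodule "lib"]
    url = git@git.example.invalid:team/lib.git
[submodule "odd-host"]
    url = ssh://git@host;name.example.invalid/team/a.git
[submodule "odd-user"]
    url = ssh://us$er@git.example.invalid:2222/team/b.git
"""

def ssh_user_host(url):
    """Return (user, host) when the URL would be handed to ssh, else None."""
    m = SSH_URL.match(url)
    if m is None and "://" not in url:  # other schemes never reach ssh
        m = SCP_URL.match(url)
    if m is None:
        return None
    user, _, hostport = m.group("auth").rpartition("@")
    return user, re.sub(r":\d+$", "", hostport)  # drop an optional :port

def audit_gitmodules(text):
    """Return (submodule, field, value) for each ssh name with metacharacters."""
    findings, name = [], None
    for line in text.splitlines():
        sec = SECTION.match(line)
        if sec:
            name = sec.group("name")
            continue
        key = URL_KEY.match(line)
        parsed = ssh_user_host(key.group("url")) if key else None
        for field, value in zip(("user", "host"), parsed or ()):
            if SHELL_META.search(value):
                findings.append((name, field, value))
    return findings

if __name__ == "__main__":
    for finding in audit_gitmodules(SAMPLE):
        print("suspicious submodule %s: %s=%r" % finding)
```

A clean result only means no submodule URL in that file looks suspicious; the package update remains the fix.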
Call to action
The issue has been fixed, and the fix has been deployed with openssh-server package version 8.2p1-4ubuntu0.11.
If the server is up to date, no further action is required.