CVE-2023-28531
Published: 17 March 2023
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.
Notes
| Author | Note |
|---|---|
| seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
| sbeattie | introduced in openssh 8.9 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssh Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(only affects 8.9 and newer)
|
| focal |
Not vulnerable
(only affects 8.9 and newer)
|
|
| jammy |
Needed
|
|
| kinetic |
Needed
|
|
| trusty |
Not vulnerable
(only affects 8.9 and newer)
|
|
| upstream |
Released
(9.3)
|
|
| xenial |
Not vulnerable
(only affects 8.9 and newer)
|
|
|
openssh-ssh1 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(only affects 8.9 and newer)
|
| focal |
Not vulnerable
(only affects 8.9 and newer)
|
|
| jammy |
Not vulnerable
(only affects 8.9 and newer)
|
|
| kinetic |
Not vulnerable
(only affects 8.9 and newer)
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(frozen on openssh 7.5p)
|
|
| xenial |
Does not exist
|