* https://threatprotect.qualys.com/2023/12/26/ssh-proxycommand-unexpected-code-execution-vulnerability-cve-2023-51385/
* https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html

"""
SSH ProxyCommand allows users to proxy an SSH connection to a target. SSH ProxyCommand specifies the command to use to connect to the server. Arguments to this directive may contain tokens like %h and %u, which refer to hostname and username, respectively. The SSH Proxy feature also provides visibility into SSH traffic and control over the commands users execute in the SSH channel.
"""
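An added example, not part of the original bug comments or of OpenSSH: a small audit that lists the ProxyCommand directives in an ssh_config which interpolate a host or user name token into the command. %h and %u come from the quoted description; %n and %r are added here from ssh_config(5), and the sample config is constructed.

```python
import re

# Tokens that place a host or user name into the command line.
# %h and %u are named in the quoted text; %n and %r are added from ssh_config(5).
NAME_TOKENS = {"h": "hostname", "u": "local username",
               "n": "original hostname", "r": "remote username"}

# keyword, then whitespace or a single '=', then the argument
DIRECTIVE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$")
# a percent escape: "%%" is a literal percent, anything else is a token
PERCENT = re.compile(r"%(.)")

def audit_ssh_config(text):
    """Return one finding per ProxyCommand that interpolates a name token."""
    findings = []
    scope = "(global)"  # directives before the first Host/Match block
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        keyword, arg = m.group(1).lower(), m.group(2)
        if keyword in ("host", "match"):
            scope = f"{m.group(1)} {arg}"
        elif keyword == "proxycommand" and arg.lower() != "none":
            used = sorted({c for c in PERCENT.findall(arg) if c in NAME_TOKENS})
            if used:
                findings.append({"line": lineno, "scope": scope,
                                 "tokens": ["%" + c for c in used],
                                 "command": arg})
    return findings

# Constructed sample configuration (hypothetical hosts and helper paths).
SAMPLE = """\
# constructed sample, not from the page
Host bastion
    ProxyCommand none

Host *.internal.example
    ProxyCommand=nc -X connect -x proxy.example:3128 %h %p

Host git-*
    proxycommand /usr/local/bin/tunnel --user %r --target %n

Host literal
    ProxyCommand /bin/echo 100%%h done
"""

if __name__ == "__main__":
    for f in audit_ssh_config(SAMPLE):
        print(f"line {f['line']} [{f['scope']}] uses {', '.join(f['tokens'])}: {f['command']}")
```

Each reported line is a place where a name supplied to ssh ends up inside a command string, so those are the entries to review first on hosts that have not yet been updated.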
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3dfe782899716a3480c9481c69bca8c231c663a7

commit 3dfe782899716a3480c9481c69bca8c231c663a7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-28 02:21:28 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-28 02:22:09 +0000

    [ GLSA 202312-17 ] OpenSSH: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/920292
    Bug: https://bugs.gentoo.org/920722
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202312-17.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)