Hide Forgot
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. https://www.mail-archive.com/dev@mina.apache.org/msg39312.html
Created apache-sshd tracking bugs for this issue: Affects: fedora-all [bug 2145200]
This issue has been addressed in the following products: Red Hat build of Quarkus Platform 2.7.6.SP3 Via RHSA-2022:8957 https://access.redhat.com/errata/RHSA-2022:8957
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.4 Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2023:0074 https://access.redhat.com/errata/RHSA-2023:0074
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:0560 https://access.redhat.com/errata/RHSA-2023:0560
This issue has been addressed in the following products: Red Hat Data Grid 8.4.1 Via RHSA-2023:0713 https://access.redhat.com/errata/RHSA-2023:0713
This issue has been addressed in the following products: Red Hat build of Quarkus Via RHSA-2023:0758 https://access.redhat.com/errata/RHSA-2023:0758
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2023:0777 https://access.redhat.com/errata/RHSA-2023:0777
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1043
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1044
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1045
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:1047 https://access.redhat.com/errata/RHSA-2023:1047
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:1049 https://access.redhat.com/errata/RHSA-2023:1049
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.12 Via RHSA-2023:1064 https://access.redhat.com/errata/RHSA-2023:1064
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.11 Via RHSA-2023:3198 https://access.redhat.com/errata/RHSA-2023:3198
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-45047