The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Created openssh tracking bugs for this issue: Affects: fedora-all [bug 2224179]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4329 https://access.redhat.com/errata/RHSA-2023:4329
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4381 https://access.redhat.com/errata/RHSA-2023:4381
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4383 https://access.redhat.com/errata/RHSA-2023:4383
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4384 https://access.redhat.com/errata/RHSA-2023:4384
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:4382 https://access.redhat.com/errata/RHSA-2023:4382
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4412 https://access.redhat.com/errata/RHSA-2023:4412
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4413 https://access.redhat.com/errata/RHSA-2023:4413
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4419 https://access.redhat.com/errata/RHSA-2023:4419
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2023:4428 https://access.redhat.com/errata/RHSA-2023:4428
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-38408
This issue has been addressed in the following products: DEVWORKSPACE-1.0-RHEL-8 Via RHSA-2023:4889 https://access.redhat.com/errata/RHSA-2023:4889