OESA-2021-1377
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1377
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1377.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1377
- Upstream
- Published
- 2021-10-15T11:03:15Z
- Modified
- 2025-08-12T05:05:28.580670Z
- Summary
- openssh security update
- Details
-
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.
Security Fix(es):
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.(CVE-2021-41617)
scp in OpenSSH through 8.3p1 allows command injection in scp.c remote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of anomalous argument transfers because that could stand a great chance of breaking existing workflows.(CVE-2020-15778)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / openssh
Package
- Name
- openssh
- Purl
- pkg:rpm/openEuler/openssh&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.2p1-14.oe1
Ecosystem specific
{
"noarch": [
"openssh-help-8.2p1-14.oe1.noarch.rpm"
],
"aarch64": [
"openssh-cavs-8.2p1-14.oe1.aarch64.rpm",
"openssh-debugsource-8.2p1-14.oe1.aarch64.rpm",
"openssh-server-8.2p1-14.oe1.aarch64.rpm",
"openssh-askpass-8.2p1-14.oe1.aarch64.rpm",
"pam_ssh_agent_auth-0.10.3-9.14.oe1.aarch64.rpm",
"openssh-clients-8.2p1-14.oe1.aarch64.rpm",
"openssh-8.2p1-14.oe1.aarch64.rpm",
"openssh-ldap-8.2p1-14.oe1.aarch64.rpm",
"openssh-debuginfo-8.2p1-14.oe1.aarch64.rpm",
"openssh-keycat-8.2p1-14.oe1.aarch64.rpm"
],
"src": [
"openssh-8.2p1-14.oe1.src.rpm"
],
"x86_64": [
"openssh-askpass-8.2p1-14.oe1.x86_64.rpm",
"openssh-debugsource-8.2p1-14.oe1.x86_64.rpm",
"openssh-clients-8.2p1-14.oe1.x86_64.rpm",
"openssh-server-8.2p1-14.oe1.x86_64.rpm",
"openssh-debuginfo-8.2p1-14.oe1.x86_64.rpm",
"openssh-ldap-8.2p1-14.oe1.x86_64.rpm",
"pam_ssh_agent_auth-0.10.3-9.14.oe1.x86_64.rpm",
"openssh-keycat-8.2p1-14.oe1.x86_64.rpm",
"openssh-cavs-8.2p1-14.oe1.x86_64.rpm",
"openssh-8.2p1-14.oe1.x86_64.rpm"
]
}
openEuler:20.03-LTS-SP2 / openssh
Package
- Name
- openssh
- Purl
- pkg:rpm/openEuler/openssh&distro=openEuler-20.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.2p1-14.oe1
Ecosystem specific
{
"noarch": [
"openssh-help-8.2p1-14.oe1.noarch.rpm"
],
"aarch64": [
"openssh-debuginfo-8.2p1-14.oe1.aarch64.rpm",
"openssh-askpass-8.2p1-14.oe1.aarch64.rpm",
"openssh-debugsource-8.2p1-14.oe1.aarch64.rpm",
"openssh-8.2p1-14.oe1.aarch64.rpm",
"pam_ssh_agent_auth-0.10.3-9.14.oe1.aarch64.rpm",
"openssh-ldap-8.2p1-14.oe1.aarch64.rpm",
"openssh-cavs-8.2p1-14.oe1.aarch64.rpm",
"openssh-keycat-8.2p1-14.oe1.aarch64.rpm",
"openssh-clients-8.2p1-14.oe1.aarch64.rpm",
"openssh-server-8.2p1-14.oe1.aarch64.rpm"
],
"src": [
"openssh-8.2p1-14.oe1.src.rpm"
],
"x86_64": [
"openssh-debuginfo-8.2p1-14.oe1.x86_64.rpm",
"openssh-8.2p1-14.oe1.x86_64.rpm",
"openssh-keycat-8.2p1-14.oe1.x86_64.rpm",
"openssh-ldap-8.2p1-14.oe1.x86_64.rpm",
"openssh-server-8.2p1-14.oe1.x86_64.rpm",
"openssh-askpass-8.2p1-14.oe1.x86_64.rpm",
"openssh-clients-8.2p1-14.oe1.x86_64.rpm",
"openssh-cavs-8.2p1-14.oe1.x86_64.rpm",
"pam_ssh_agent_auth-0.10.3-9.14.oe1.x86_64.rpm",
"openssh-debugsource-8.2p1-14.oe1.x86_64.rpm"
]
}