Applicable to:Situation- Vulnerability CVE-2023-51385 has been discovered for openssh-server package on Ubuntu/Debian servers.
ImpactIn ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell
metacharacters, and this name is referenced by an expansion token in certain situations. For example,an
untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Call to actionIssue has been fixed and deployed with openssh-server package version 8.2p1-4ubuntu0.11.
If server is up to date, no further action is required.