Vulnerability CVE-2023-51385

Started by senthil, Sep 27, 2025, 07:37 AM

senthil

Applicable to:
  • Plesk for Linux
Situation
  • Vulnerability CVE-2023-51385 has been discovered for the openssh-server package on Ubuntu/Debian servers.
Impact

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell
metacharacters, and this name is referenced by an expansion token in certain situations. For example, an
untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Call to action

The issue has been fixed and deployed with openssh-server package version 8.2p1-4ubuntu0.11.

If the server is up to date, no further action is required.
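
To see where a user or host name actually reaches a shell on a given machine, the following added example (not part of the original post and not Plesk or OpenSSH code) lists the ssh client configuration lines that both run a command and expand a name token. It assumes, from ssh_config(5) and the OpenSSH 9.6 release notes, that the relevant directives are ProxyCommand, LocalCommand and Match exec and that the name tokens are %h, %n, %r and %u; the function name and the sample configuration are constructed for illustration.

```python
import re

# Directives whose argument ssh runs through the user's shell (ssh_config(5)).
EXEC_DIRECTIVES = {"proxycommand", "localcommand"}
# Tokens that expand to a user or host name; %p (port) is not one of them.
NAME_TOKENS = re.compile(r"%([hnru])")

def audit_ssh_config(text):
    """Return (line_no, directive, tokens) for every shell-executed
    directive that expands a user or host name."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, arg = m.group(1).lower(), m.group(2)
        if key == "match":
            # Only the "exec" predicate of a Match line runs a command.
            em = re.search(r'\bexec\s+("[^"]*"|\S+)', arg, re.I)
            if not em:
                continue
            key, arg = "match exec", em.group(1)
        elif key not in EXEC_DIRECTIVES:
            continue
        # "%%" is a literal percent sign, so drop it before looking for tokens.
        tokens = sorted(set(NAME_TOKENS.findall(arg.replace("%%", ""))))
        if tokens:
            findings.append((no, key, ["%" + t for t in tokens]))
    return findings

# Constructed sample configuration (not from the original post).
SAMPLE = """\
# jump-host setup
Host *.internal.example
    ProxyCommand ssh -W %h:%p bastion.example
Host build
    HostName build.example
    LocalCommand logger "connected as %r, 100%%h literal"
Match exec "test -f /etc/site-%n"
    ForwardAgent no
Host plain
    ProxyCommand ssh -W fixed.example:22 bastion.example
"""

if __name__ == "__main__":
    for no, key, tokens in audit_ssh_config(SAMPLE):
        print(f"line {no}: {key} expands {', '.join(tokens)}")
```

Run it over the contents of `/etc/ssh/ssh_config` and each user's `~/.ssh/config`; any line it reports is a place where the patched package matters most.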