CVE-2023-38408 - August 2023 on RHEL 7
This BMC Discovery RHEL 7 OS upgrade includes all applicable RHEL 7 updates to mitigate an issue in OpenSSH (CVE-2023-38408).
"The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) Note: this issue exists because of an incomplete fix for CVE-2016-10009."
(Source: https://nvd.nist.gov/vuln/detail/CVE-2023-38408)
The OS upgrade supports the installed BMC Discovery (64-bit architecture) virtual appliances on RHEL 7. The following file is available from the BMC Electronic Product Distribution (EPD) site for 64-bit architecture:
ADDM_OS_Upgrade_RHEL_64_7.23.08.01_866615_ga.sh.gz
Packages that have been updated since the previous OS upgrade are listed below, with the version numbers:
- drbd90-utils-9.25.0-1.el7.elrepo
- openssh-7.4p1-23.el7_9
- openssh-clients-7.4p1-23.el7_9
- openssh-server-7.4p1-23.el7_9
JDK package included:
- tw-jdk8-999-1.openjdk
This is unchanged from the previous release.
OS release included in this version:
- The OS release included in this update is 7.9.
This is unchanged from the previous release.
The following table shows the complete list of the OS-specific packages that will be present on a 64-bit Enterprise Edition of BMC Discovery after the latest OS upgrade has been installed.
Package name | Package name | Package name |
---|---|---|
acl-2.2.51-15.el7 | apr-1.4.8-7.el7 | apr-devel-1.4.8-7.el7 |
apr-util-1.5.2-6.el7_9.1 | apr-util-devel-1.5.2-6.el7_9.1 | audit-2.8.5-4.el7 |
audit-libs-2.8.5-4.el7 | authconfig-6.2.8-30.el7 | autogen-libopts-5.18-5.el7 |
avahi-libs-0.6.31-20.el7 | basesystem-10.0-7.el7 | bash-4.2.46-35.el7_9 |
bc-1.06.95-13.el7 | bind-export-libs-32:9.11.4-26.P2.el7_9.14 | bind-libs-32:9.11.4-26.P2.el7_9.14 |
bind-libs-lite-32:9.11.4-26.P2.el7_9.14 | bind-license-32:9.11.4-26.P2.el7_9.14 | bind-utils-32:9.11.4-26.P2.el7_9.14 |
binutils-2.27-44.base.el7_9.1 | biosdevname-0.7.3-2.el7 | boost-iostreams-1.53.0-28.el7 |
boost-random-1.53.0-28.el7 | boost-system-1.53.0-28.el7 | boost-thread-1.53.0-28.el7 |
bzip2-1.0.6-13.el7 | bzip2-libs-1.0.6-13.el7 | ca-certificates-2022.2.54-74.el7_9 |
chkconfig-1.7.6-1.el7 | chrony-3.4-1.el7 | cifs-utils-6.2-10.el7 |
compat-libstdc++-33-3.2.3-72.el7 | copy-jdk-configs-3.3-11.el7_9 | coreutils-8.22-24.el7_9.2 |
cpio-2.11-28.el7 | cpp-4.8.5-44.el7 | cracklib-2.9.0-11.el7 |
cracklib-dicts-2.9.0-11.el7 | cronie-1.4.11-25.el7_9 | cronie-anacron-1.4.11-25.el7_9 |
crontabs-1.11-6.20121102git.el7 | cryptsetup-2.0.3-6.el7 | cryptsetup-libs-2.0.3-6.el7 |
cups-libs-1:1.6.3-51.el7 | curl-7.29.0-59.el7_9.1 | cyrus-sasl-2.1.26-24.el7_9 |
cyrus-sasl-devel-2.1.26-24.el7_9 | cyrus-sasl-lib-2.1.26-24.el7_9 | dbus-1:1.10.24-15.el7 |
dbus-libs-1:1.10.24-15.el7 | dejavu-fonts-common-2.33-6.el7 | dejavu-sans-fonts-2.33-6.el7 |
device-mapper-7:1.02.170-6.el7_9.5 | device-mapper-event-7:1.02.170-6.el7_9.5 | device-mapper-event-libs-7:1.02.170-6.el7_9.5 |
device-mapper-libs-7:1.02.170-6.el7_9.5 | device-mapper-multipath-0.4.9-136.el7_9 | device-mapper-multipath-libs-0.4.9-136.el7_9 |
device-mapper-persistent-data-0.8.5-3.el7_9.2 | dhclient-12:4.2.5-83.el7_9.1 | dhcp-common-12:4.2.5-83.el7_9.1 |
dhcp-libs-12:4.2.5-83.el7_9.1 | diffutils-3.3-6.el7_9 | dmidecode-1:3.2-5.el7_9.1 |
dos2unix-6.0.3-7.el7 | dracut-033-572.el7 | dracut-config-rescue-033-572.el7 |
dracut-fips-033-572.el7 | dracut-network-033-572.el7 | drbd90-utils-9.25.0-1.el7.elrepo |
e2fsprogs-1.42.9-19.el7 | e2fsprogs-libs-1.42.9-19.el7 | elfutils-0.176-5.el7 |
elfutils-default-yama-scope-0.176-5.el7 | elfutils-libelf-0.176-5.el7 | elfutils-libs-0.176-5.el7 |
emacs-filesystem-1:24.3-23.el7_9.1 | ethtool-2:4.8-10.el7 | expat-2.1.0-15.el7_9 |
expat-devel-2.1.0-15.el7_9 | file-5.11-37.el7 | file-libs-5.11-37.el7 |
filesystem-3.2-25.el7 | findutils-1:4.5.11-6.el7 | fipscheck-1.4.1-6.el7 |
fipscheck-lib-1.4.1-6.el7 | fontconfig-2.13.0-4.3.el7 | fontpackages-filesystem-1.44-8.el7 |
freetype-2.8-14.el7_9.1 | fuse-2.9.2-11.el7 | fuse-libs-2.9.2-11.el7 |
gawk-4.0.2-4.el7_3.1 | gcc-4.8.5-44.el7 | gdb-7.6.1-120.el7 |
gdbm-1.10-8.el7 | GeoIP-1.5.0-14.el7 | geoipupdate-2.5.0-2.el7 |
gettext-0.19.8.1-3.el7_9 | gettext-libs-0.19.8.1-3.el7_9 | glib2-2.56.1-9.el7_9 |
glibc-2.17-326.el7_9 | glibc-common-2.17-326.el7_9 | glibc-devel-2.17-326.el7_9 |
glibc-headers-2.17-326.el7_9 | gmp-1:6.0.0-15.el7 | gnupg2-2.0.22-5.el7_5 |
gnutls-3.3.29-9.el7_6 | grep-2.20-3.el7 | groff-base-1.22.2-8.el7 |
grub2-1:2.02-0.87.el7_9.11 | grub2-common-1:2.02-0.87.el7_9.11 | grub2-pc-1:2.02-0.87.el7_9.11 |
grub2-pc-modules-1:2.02-0.87.el7_9.11 | grub2-tools-1:2.02-0.87.el7_9.11 | grub2-tools-extra-1:2.02-0.87.el7_9.11 |
grub2-tools-minimal-1:2.02-0.87.el7_9.11 | grubby-8.28-26.el7 | gzip-1.5-11.el7_9 |
hardlink-1:1.0-19.el7 | hmaccalc-0.9.13-4.el7 | hostname-3.13-3.el7_7.1 |
httpd-2.4.6-99.el7_9.1 | httpd-devel-2.4.6-99.el7_9.1 | httpd-tools-2.4.6-99.el7_9.1 |
hwdata-0.252-9.7.el7 | info-5.1-5.el7 | initscripts-9.49.53-1.el7_9.1 |
iproute-4.11.0-30.el7 | iprutils-2.4.17.1-3.el7_7 | iptables-1.4.21-35.el7 |
iptables-services-1.4.21-35.el7 | iputils-20160308-10.el7 | irqbalance-3:1.0.7-12.el7 |
iscsi-initiator-utils-6.2.0.874-22.el7_9 | iscsi-initiator-utils-iscsiuio-6.2.0.874-22.el7_9 | jansson-2.10-1.el7 |
java-1.8.0-openjdk-headless-1:1.8.0.382.b05-1.el7_9 | javapackages-tools-3.4.1-11.el7 | jbigkit-libs-2.0-11.el7 |
json-c-0.11-4.el7_0 | kbd-1.15.5-16.el7_9 | kbd-legacy-1.15.5-16.el7_9 |
kbd-misc-1.15.5-16.el7_9 | kernel-3.10.0-1160.95.1.el7 | kernel-headers-3.10.0-1160.95.1.el7 |
kexec-tools-2.0.15-51.el7_9.3 | keyutils-1.5.8-3.el7 | keyutils-libs-1.5.8-3.el7 |
kmod-20-28.el7 | kmod-drbd90-9.1.15-1.el7_9.elrepo | kmod-libs-20-28.el7 |
kpartx-0.4.9-136.el7_9 | krb5-libs-1.15.1-55.el7_9 | krb5-workstation-1.15.1-55.el7_9 |
less-458-9.el7 | libacl-2.2.51-15.el7 | libaio-0.3.109-13.el7 |
libarchive-3.1.2-14.el7_7 | libassuan-2.1.0-3.el7 | libattr-2.4.46-13.el7 |
libblkid-2.23.2-65.el7_9.1 | libcap-2.22-11.el7 | libcap-ng-0.7.5-4.el7 |
libcom_err-1.42.9-19.el7 | libcom_err-devel-1.42.9-19.el7 | libcroco-0.6.12-6.el7_9 |
libcurl-7.29.0-59.el7_9.1 | libdaemon-0.14-7.el7 | libdb-5.3.21-25.el7 |
libdb-devel-5.3.21-25.el7 | libdb-utils-5.3.21-25.el7 | libdnet-1.12-13.1.el7 |
libdrm-2.4.97-2.el7 | libedit-3.0-12.20121213cvs.el7 | libestr-0.1.9-2.el7 |
libfastjson-0.99.4-3.el7 | libffi-3.0.13-19.el7 | libgcc-4.8.5-44.el7 |
libgcrypt-1.5.3-14.el7 | libgomp-4.8.5-44.el7 | libgpg-error-1.12-3.el7 |
libicu-50.2-4.el7_7 | libidn-1.28-4.el7 | libjpeg-turbo-1.2.90-8.el7 |
libkadm5-1.15.1-55.el7_9 | libldb-1.5.4-2.el7_9 | libmnl-1.0.3-7.el7 |
libmount-2.23.2-65.el7_9.1 | libmpc-1.0.1-3.el7 | libmspack-0.5-0.8.alpha.el7 |
libndp-1.2-9.el7 | libnetfilter_conntrack-1.0.6-1.el7_3 | libnfnetlink-1.0.1-4.el7 |
libnl3-3.2.28-4.el7 | libnl3-cli-3.2.28-4.el7 | libpcap-14:1.5.3-13.el7_9 |
libpciaccess-0.14-1.el7 | libpipeline-1.2.3-3.el7 | libpng-2:1.5.13-8.el7 |
libpwquality-1.2.3-5.el7 | librados2-1:10.2.5-4.el7 | libreport-filesystem-2.1.11-53.el7 |
libseccomp-2.3.1-4.el7 | libselinux-2.5-15.el7 | libselinux-utils-2.5-15.el7 |
libsemanage-2.5-14.el7 | libsepol-2.5-10.el7 | libsmartcols-2.23.2-65.el7_9.1 |
libsmbclient-0:4.10.16-24.el7_9 | libss-1.42.9-19.el7 | libssh-0.7.1-7.el7 |
libssh2-1.8.0-4.el7 | libstdc++-4.8.5-44.el7 | libsysfs-2.1.0-16.el7 |
libtalloc-2.1.16-1.el7 | libtasn1-4.10-1.el7 | libtdb-1.3.18-1.el7 |
libteam-1.29-3.el7 | libtevent-0.9.39-1.el7 | libtiff-4.0.3-35.el7 |
libtirpc-0.2.4-0.16.el7 | libtool-ltdl-2.4.2-22.el7_3 | libunistring-0.9.3-9.el7 |
libuser-0.60-9.el7 | libutempter-1.1.6-4.el7 | libuuid-2.23.2-65.el7_9.1 |
libverto-0.2.5-4.el7 | libwbclient-0:4.10.16-24.el7_9 | libX11-1.6.7-4.el7_9 |
libX11-common-1.6.7-4.el7_9 | libXau-1.0.8-2.1.el7 | libxcb-1.13-1.el7 |
libXft-2.3.2-2.el7 | libxml2-2.9.1-6.el7_9.6 | libXrender-0.9.10-1.el7 |
libxslt-1.1.28-6.el7 | libyaml-0.1.4-11.el7_0 | libzstd-1.5.0-1.el7 |
linux-firmware-20200421-80.git78c0348.el7_9 | lksctp-tools-1.0.17-2.el7 | lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7 |
logrotate-3.8.6-19.el7 | lsscsi-0.27-6.el7 | lua-5.1.4-15.el7 |
lvm2-7:2.02.187-6.el7_9.5 | lvm2-libs-7:2.02.187-6.el7_9.5 | lz4-1.8.3-1.el7 |
lzo-2.06-8.el7 | mailcap-2.1.41-2.el7 | mailx-12.5-19.el7 |
make-1:3.82-24.el7 | man-db-2.6.3-11.el7 | mariadb-libs-1:5.5.68-1.el7 |
mdadm-4.1-9.el7_9 | microcode_ctl-2:2.1-73.15.el7_9 | mod_nss-1.0.14-12.el7 |
mod_ssl-1:2.4.6-99.el7_9.1 | mozjs17-17.0.0-20.el7 | mpfr-3.1.1-4.el7 |
nano-2.3.1-10.el7 | ncurses-5.9-14.20130511.el7_4 | ncurses-base-5.9-14.20130511.el7_4 |
ncurses-libs-5.9-14.20130511.el7_4 | net-snmp-1:5.7.2-49.el7_9.2 | net-snmp-agent-libs-1:5.7.2-49.el7_9.2 |
net-snmp-libs-1:5.7.2-49.el7_9.2 | nettle-2.7.1-9.el7_9 | net-tools-2.0-0.25.20131004git.el7 |
NetworkManager-1:1.18.8-2.el7_9 | NetworkManager-libnm-1:1.18.8-2.el7_9 | NetworkManager-team-1:1.18.8-2.el7_9 |
NetworkManager-tui-1:1.18.8-2.el7_9 | newt-0.52.15-4.el7 | newt-python-0.52.15-4.el7 |
nspr-4.34.0-3.1.el7_9 | nss-3.79.0-5.el7_9 | nss-pem-1.0.3-7.el7_9.1 |
nss-softokn-3.79.0-4.el7_9 | nss-softokn-freebl-3.79.0-4.el7_9 | nss-sysinit-3.79.0-5.el7_9 |
nss-tools-3.79.0-5.el7_9 | nss-util-3.79.0-1.el7_9 | numactl-libs-2.0.12-5.el7 |
openldap-2.4.44-25.el7_9 | openldap-clients-2.4.44-25.el7_9 | openldap-devel-2.4.44-25.el7_9 |
openssh-7.4p1-23.el7_9 | openssh-clients-7.4p1-23.el7_9 | openssh-server-7.4p1-23.el7_9 |
openssl-1:1.0.2k-26.el7_9 | openssl-libs-1:1.0.2k-26.el7_9 | open-vm-tools-11.0.5-3.el7_9.6 |
os-prober-1.58-9.el7 | p11-kit-0.23.5-3.el7 | p11-kit-trust-0.23.5-3.el7 |
pam-1.1.8-23.el7 | parted-3.1-32.el7 | passwd-0.79-6.el7 |
pciutils-3.5.1-3.el7 | pciutils-libs-3.5.1-3.el7 | pcre-8.32-17.el7 |
pcsc-lite-libs-1.8.8-8.el7 | perl-4:5.16.3-299.el7_9 | perl-Carp-1.26-244.el7 |
perl-constant-1.27-2.el7 | perl-Data-Dumper-2.145-3.el7 | perl-Encode-2.51-7.el7 |
perl-Exporter-5.68-3.el7 | perl-File-Path-2.09-2.el7 | perl-File-Temp-0.23.01-3.el7 |
perl-Filter-1.49-3.el7 | perl-Getopt-Long-2.40-3.el7 | perl-HTTP-Tiny-0.033-3.el7 |
perl-libs-4:5.16.3-299.el7_9 | perl-macros-4:5.16.3-299.el7_9 | perl-parent-1:0.225-244.el7 |
perl-PathTools-3.40-5.el7 | perl-Pod-Escapes-1:1.04-299.el7_9 | perl-podlators-2.5.1-3.el7 |
perl-Pod-Perldoc-3.20-4.el7 | perl-Pod-Simple-1:3.28-4.el7 | perl-Pod-Usage-1.63-3.el7 |
perl-Scalar-List-Utils-1.27-248.el7 | perl-Socket-2.010-5.el7 | perl-Storable-2.45-3.el7 |
perl-Text-ParseWords-3.29-4.el7 | perl-threads-1.87-4.el7 | perl-threads-shared-1.43-6.el7 |
perl-Time-HiRes-4:1.9725-3.el7 | perl-Time-Local-1.2300-2.el7 | pinentry-0.8.1-17.el7 |
pkgconfig-1:0.27.1-4.el7 | plymouth-0.8.9-0.34.20140113.el7 | plymouth-core-libs-0.8.9-0.34.20140113.el7 |
plymouth-scripts-0.8.9-0.34.20140113.el7 | policycoreutils-2.5-34.el7 | polkit-0.112-26.el7_9.1 |
polkit-pkla-compat-0.1-4.el7 | popt-1.13-16.el7 | postfix-2:2.10.1-9.el7 |
procps-ng-3.3.10-28.el7 | psmisc-22.20-17.el7 | pth-2.0.7-23.el7 |
pyldb-1.5.4-2.el7_9 | pytalloc-2.1.16-1.el7 | python-2.7.5-93.el7_9 |
python-javapackages-3.4.1-11.el7 | python-libs-2.7.5-93.el7_9 | python-lxml-3.2.1-4.el7 |
python-tdb-1.3.18-1.el7 | qrencode-libs-3.4.1-3.el7 | readline-6.2-11.el7 |
redhat-logos-70.7.0-1.el7 | redhat-release-server-7.9-6.el7_9 | rootfiles-8.1-11.el7 |
rpm-4.11.3-48.el7_9 | rpm-build-libs-4.11.3-48.el7_9 | rpm-libs-4.11.3-48.el7_9 |
rsh-0.17-80.el7 | rsync-3.1.2-12.el7_9 | rsyslog-8.24.0-57.el7_9.3 |
samba-client-0:4.10.16-24.el7_9 | samba-client-libs-0:4.10.16-24.el7_9 | samba-common-0:4.10.16-24.el7_9 |
samba-common-libs-0:4.10.16-24.el7_9 | samba-libs-0:4.10.16-24.el7_9 | screen-4.1.0-0.27.20120314git3c2946.el7_9 |
sed-4.2.2-7.el7 | selinux-policy-3.13.1-268.el7_9.2 | selinux-policy-targeted-3.13.1-268.el7_9.2 |
setup-2.8.71-11.el7 | shadow-utils-2:4.6-5.el7 | shared-mime-info-1.8-5.el7 |
slang-2.2.4-11.el7 | snappy-1.1.0-3.el7 | sqlite-3.7.17-8.el7_7.1 |
stix-fonts-1.1.0-5.el7 | strace-4.24-6.el7 | sudo-1.8.23-10.el7_9.3 |
sysfsutils-2.1.0-16.el7 | sysstat-10.1.5-20.el7_9 | systemd-219-78.el7_9.7 |
systemd-libs-219-78.el7_9.7 | systemd-sysv-219-78.el7_9.7 | sysvinit-tools-2.88-14.dsf.el7 |
tar-2:1.26-35.el7 | tcl-1:8.5.13-8.el7 | tcpdump-14:4.9.2-4.el7_7.1 |
tcp_wrappers-libs-7.6-77.el7 | teamd-1.29-3.el7 | telnet-1:0.17-66.el7 |
tk-1:8.5.13-6.el7 | trousers-0.3.14-2.el7 | tzdata-2023c-1.el7 |
tzdata-java-2023c-1.el7 | unzip-6.0-24.el7_9 | ustr-1.0.4-16.el7 |
util-linux-2.23.2-65.el7_9.1 | vim-minimal-2:7.4.629-8.el7_9 | wget-1.14-18.el7_6.1 |
which-2.20-7.el7 | wpa_supplicant-1:2.6-12.el7_9.2 | xfsprogs-4.5.0-22.el7 |
xmlsec1-1.2.20-7.el7_4 | xmlsec1-openssl-1.2.20-7.el7_4 | xz-5.2.2-2.el7_9 |
xz-libs-5.2.2-2.el7_9 | zlib-1.2.7-21.el7_9 |
Comments
Log in or register to comment.