SUSE_ALP_Standard/patchinfo.20240704202834160238.269002615871826/_patchinfo

<patchinfo incident="8">
  <!-- generated from request(s) 337749 -->
  <issue tracker="bnc" id="1217950">VUL-0: CVE-2023-48795: openssh: prefix truncation breaking ssh channel integrity aka Terrapin Attack</issue>
  <issue tracker="bnc" id="1218215">VUL-0: CVE-2023-51385: openssh: command injection via user name or host name metacharacters</issue>
  <issue tracker="bnc" id="1226642">VUL-0: CVE-2024-6387: openssh: regression of CVE-2006-5051</issue>
  <issue tracker="cve" id="2023-48795"/>
  <issue tracker="cve" id="2023-51385"/>
  <issue tracker="cve" id="2024-6387"/>
  <issue tracker="bnc" id="1227318">VUL-0: CVE-2024-39894: openssh: timing attacks against echo-off password entry</issue>
  <issue tracker="cve" id="2024-39894"/>
  <packager>alarrosa</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for openssh</summary>
  <description>This update for openssh fixes the following issues:

- CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318)
- CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642).
</description>
  <package>openssh</package>
  <package>openssh:openssh-askpass-gnome</package>
  <seperate_build_arch/>
</patchinfo>