Bugzilla – Bug 1183137
VUL-0: CVE-2021-28041: openssh-openssl1,openssh: double free in ssh-agent
Last modified: 2022-03-03 11:09:47 UTC
CVE-2021-28041 ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28041 https://www.openwall.com/lists/oss-security/2021/03/03/1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28041 https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db https://www.openssh.com/txt/release-8.5 https://www.openssh.com/security.html
according to external eval, only openssh 8.2 and newer are affected.
SUSE:SLE-15-SP3:Update/openssh is 8.4, so would be affected
@Marcus, on [1] page for this cve (CVE-2021-28041), the wrong bug is linked. SUSE Bugzilla entries: 1183135 [RESOLVED / DUPLICATE], 1183137 [NEW] bug 1183135 is about grub2 heap out-of-bound write, actually the whiteboard entry of that bug contains CVE-2021-28041 instead of the correct grub2 CVE-2021-3408. In addition, the minimal (single line) fix for ssh-agent CVE-2021-28041 released on most Linux distros is [2]. [1] https://www.suse.com/security/cve/CVE-2021-28041.html [2] https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig
I removed the 1183135 association from our db, should be reflect in 2 hours rebuild of the cve pages.
openSUSE-SU-2021:4153-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1183137 CVE References: CVE-2021-28041 JIRA References: Sources used: openSUSE Leap 15.3 (src): openssh-8.4p1-3.9.1, openssh-askpass-gnome-8.4p1-3.9.1
SUSE-SU-2021:4153-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1183137 CVE References: CVE-2021-28041 JIRA References: Sources used: SUSE MicroOS 5.1 (src): openssh-8.4p1-3.9.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): openssh-8.4p1-3.9.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): openssh-askpass-gnome-8.4p1-3.9.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): openssh-8.4p1-3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Verified this is both in SP3 and SP4. Can be closed if maint/security agree.
SLE-15-SP4 takes it from SUSE:SLE-15-SP3:Update, so everything is done here. Thanks