OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability


The OpenSSH maintainers have released OpenSSH 9.2 to fix a variety of security flaws, including a memory safety issue in the OpenSSH server. The flaw, tracked as CVE-2023-25136, has been categorized as a pre-authentication double-free vulnerability that first appeared in version 9.1. According to OpenSSH's release notes from February 2, 2023, it is not thought to be exploitable: it occurs in the unprivileged pre-auth process, which is subject to chroot(2) and is further sandboxed on most major systems. OpenSSH is an open source client-server implementation of the secure shell (SSH) protocol that provides a number of services enabling encrypted communication across an insecure network.
