PT-2023-25330 · Openssh · Openssh

Published: 2023-08-09 · Updated: 2025-03-25 · CVE-2023-35812

CVSS v3.1: 5.3 (Medium)

Vector: AC:H/AV:N/A:N/C:N/I:H/PR:N/S:U/UI:R

Name of the Vulnerable Software and Affected Versions: OpenSSH version 7.4

Description: An issue was discovered in OpenSSH because of an incomplete fix. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested.

Recommendations: For OpenSSH version 7.4, update to the fixed packages: 7.4p1-22.78.amzn1 for Amazon Linux 1 and 7.4p1-22.amzn2.0.2 for Amazon Linux 2.

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2023-35812

Affected products

Openssh