HCE2-SA-2023-0255 Critical HCE 2.0 Security Fix(es): The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. (CVE-2023-38408) HCE 2.0 openssh-8.8p1-2.r27.hce2.aarch64.rpm openssh-askpass-8.8p1-2.r27.hce2.aarch64.rpm openssh-clients-8.8p1-2.r27.hce2.aarch64.rpm openssh-help-8.8p1-2.r27.hce2.noarch.rpm openssh-keycat-8.8p1-2.r27.hce2.aarch64.rpm openssh-server-8.8p1-2.r27.hce2.aarch64.rpm pam_ssh_agent_auth-0.10.4-4.2.r27.hce2.aarch64.rpm openssh-8.8p1-2.r27.hce2.x86_64.rpm openssh-askpass-8.8p1-2.r27.hce2.x86_64.rpm openssh-clients-8.8p1-2.r27.hce2.x86_64.rpm openssh-keycat-8.8p1-2.r27.hce2.x86_64.rpm openssh-server-8.8p1-2.r27.hce2.x86_64.rpm pam_ssh_agent_auth-0.10.4-4.2.r27.hce2.x86_64.rpm