Security Bulletin: OpenSSL and OpenSSH for IBM i are vulnerable to arbitrary code execution, denial of service, and security restrictions bypass due to multiple vulnerabilities.

​OpenSSH for IBM i is vulnerable to arbitrary code execution due to a flaw in ssh-agent (CVE-2023-38408), OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in DH key check (CVE-2023-3817), a denial of service due to using an object to text function (CVE-2023-2650), and a security restrictions bypass due to a flaw verifying certificates (CVE-2023-0465) as described in the vulnerability details section. IBM i has addressed the vulnerabilities in OpenSSH and OpenSSL with a fix as described in the remediation/fixes section. Read More