OVAL

SUSE-SU-2023:2945-1 -- SLES openssh

ID: oval:org.secpod.oval:def:89049134
Date: (C)2023-08-30   (M)2024-04-11
Class: PATCH
Family: unix




This update for openssh fixes the following issues:

* CVE-2023-38408: Fixed a condition where specific libraries loaded via ssh-agent's PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408]
* Close the right file descriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536]
* Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008]

Platform:
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server 15 SP3
Product:
openssh
Reference:
SUSE-SU-2023:2945-1
CVE-2023-38408
CVE    1
CVE-2023-38408
CPE    4
cpe:/a:openbsd:openssh
cpe:/o:suse:suse_linux_enterprise_server:15:sp4
cpe:/o:suse:suse_linux_enterprise_server:15:sp3
cpe:/o:suse:suse_linux_enterprise_desktop:15:sp4
...

© SecPod Technologies