SCIENTIFIC-LINUX-ERRATA Archives

March 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: openssh on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Mon, 21 Mar 2016 21:58:14 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (39 lines) 
Synopsis:          Moderate: openssh security update
Advisory ID:       SLSA-2016:0465-1
Issue Date:        2016-03-21
CVE Numbers:       CVE-2016-1908
                   CVE-2016-3115
--

It was discovered that the OpenSSH server did not sanitize data received
in requests to enable X11 forwarding. An authenticated client with
restricted SSH access could possibly use this flaw to bypass intended
restrictions. (CVE-2016-3115)

An access flaw was discovered in OpenSSH; the OpenSSH client did not
correctly handle failures to generate authentication cookies for untrusted
X11 forwarding. A malicious or compromised remote X application could
possibly use this flaw to establish a trusted connection to the local X
server, even if only untrusted X11 forwarding was requested.
(CVE-2016-1908)

After installing this update, the OpenSSH server daemon (sshd) will be
restarted automatically.
--

SL7
  x86_64
    openssh-6.6.1p1-25.el7_2.x86_64.rpm
    openssh-askpass-6.6.1p1-25.el7_2.x86_64.rpm
    openssh-clients-6.6.1p1-25.el7_2.x86_64.rpm
    openssh-debuginfo-6.6.1p1-25.el7_2.x86_64.rpm
    openssh-keycat-6.6.1p1-25.el7_2.x86_64.rpm
    openssh-server-6.6.1p1-25.el7_2.x86_64.rpm
    openssh-debuginfo-6.6.1p1-25.el7_2.i686.rpm
    openssh-ldap-6.6.1p1-25.el7_2.x86_64.rpm
    openssh-server-sysvinit-6.6.1p1-25.el7_2.x86_64.rpm
    pam_ssh_agent_auth-0.9.3-9.25.el7_2.i686.rpm
    pam_ssh_agent_auth-0.9.3-9.25.el7_2.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2