Synopsis:          Moderate: openssh security, bug fix, and enhancement
Advisory ID:       SLSA-2016:0741-1
Issue Date:        2016-05-10
CVE Numbers:       CVE-2015-6563
                   CVE-2015-6564
                   CVE-2016-1908
                   CVE-2015-5352
--

Security Fix(es):

* It was found that the OpenSSH client did not properly enforce the
  ForwardX11Timeout setting. A malicious or compromised remote X application
  could possibly use this flaw to establish a trusted connection to the local
  X server, even if only untrusted X11 forwarding was requested.
  (CVE-2015-5352)

* A flaw was found in the way OpenSSH handled PAM authentication when using
  privilege separation. An attacker with valid credentials on the system and
  able to fully compromise a non-privileged pre-authentication process using a
  different flaw could use this flaw to authenticate as other users.
  (CVE-2015-6563)

* A use-after-free flaw was found in OpenSSH. An attacker able to fully
  compromise a non-privileged pre-authentication process using a different
  flaw could possibly cause sshd to crash or execute arbitrary code with root
  privileges. (CVE-2015-6564)

* An access flaw was discovered in OpenSSH; the OpenSSH client did not
  correctly handle failures to generate authentication cookies for untrusted
  X11 forwarding. A malicious or compromised remote X application could
  possibly use this flaw to establish a trusted connection to the local X
  server, even if only untrusted X11 forwarding was requested.
  (CVE-2016-1908)
--

SL6
  x86_64
    openssh-5.3p1-117.el6.x86_64.rpm
    openssh-askpass-5.3p1-117.el6.x86_64.rpm
    openssh-clients-5.3p1-117.el6.x86_64.rpm
    openssh-debuginfo-5.3p1-117.el6.x86_64.rpm
    openssh-server-5.3p1-117.el6.x86_64.rpm
    openssh-debuginfo-5.3p1-117.el6.i686.rpm
    openssh-ldap-5.3p1-117.el6.x86_64.rpm
    pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm
    pam_ssh_agent_auth-0.9.3-117.el6.x86_64.rpm
  i386
    openssh-5.3p1-117.el6.i686.rpm
    openssh-askpass-5.3p1-117.el6.i686.rpm
    openssh-clients-5.3p1-117.el6.i686.rpm
    openssh-debuginfo-5.3p1-117.el6.i686.rpm
    openssh-server-5.3p1-117.el6.i686.rpm
    openssh-ldap-5.3p1-117.el6.i686.rpm
    pam_ssh_agent_auth-0.9.3-117.el6.i686.rpm

- Scientific Linux Development Team
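
An added example, not part of the advisory or of any Scientific Linux tooling: it flags installed packages that are older than the fixed builds listed above, using rpm-style version ordering. The input line format, the sample lines and the assumption that these packages carry no epoch belong to the example, not the advisory.

```python
import re

# Fixed builds, taken from the SL6 package list in this advisory.
FIXED = {name: ("5.3p1", "117.el6") for name in (
    "openssh", "openssh-askpass", "openssh-clients",
    "openssh-debuginfo", "openssh-ldap", "openssh-server")}
FIXED["pam_ssh_agent_auth"] = ("0.9.3", "117.el6")

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")

def rpmvercmp(a, b):
    """Order two version or release strings the way rpm does: compare runs
    of digits and letters left to right; '~' sorts lowest ('^' not handled)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x == y:
                continue
            return -1 if x == "~" else 1
        if x is None or y is None:          # the longer string is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():      # a numeric run beats letters
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0

def audit(lines):
    """Return (name, installed, fixed) for each package below the fix."""
    # Expected input: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
    stale = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, have, want = parts[0], parts[1:], FIXED[parts[0]]
        # Assumption: no epoch, so version then release decides the order.
        if (rpmvercmp(have[0], want[0]) or rpmvercmp(have[1], want[1])) < 0:
            stale.append((name, "-".join(have), "-".join(want)))
    return stale

# Constructed sample input, not output from a real host.
SAMPLE = ["openssh 5.3p1 112.el6_7", "openssh-server 5.3p1 117.el6",
          "openssh-clients 5.3p1 118.1.el6_8",
          "pam_ssh_agent_auth 0.9.3 114.el6", "bash 4.1.2 40.el6"]
```
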