Gentoo Archives: gentoo-announce

From: Yury German <blueknight@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201512-04 ] OpenSSH: Multiple vulnerabilities
Date: Mon, 21 Dec 2015 14:19:20
Message-Id: 56780A04.2060506@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201512-04
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: OpenSSH: Multiple vulnerabilities
9 Date: December 20, 2015
10 Bugs: #553724, #555518, #557340
11 ID: 201512-04
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in OpenSSH, the worst of which
19 could lead to arbitrary code execution, or cause a Denial of Service
20 condition.
21
22 Background
23 ==========
24
25 OpenSSH is a complete SSH protocol implementation that includes an SFTP
26 client and server support.
27
28 Affected packages
29 =================
30
31 -------------------------------------------------------------------
32 Package / Vulnerable / Unaffected
33 -------------------------------------------------------------------
34 1 net-misc/openssh < 7.1_p1-r2 >= 7.1_p1-r2
35
36 Description
37 ===========
38
39 Multiple vulnerabilities have been discovered in OpenSSH. Please review
40 the CVE identifiers referenced below for details.
41
42 Impact
43 ======
44
45
46
47 Workaround
48 ==========
49
50 There is no known workaround at this time.
51
52 Resolution
53 ==========
54
55 All OpenSSH users should upgrade to the latest version:
56
57 # emerge --sync
58 # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.9_p1-r2"
59
60 References
61 ==========
62
63 [ 1 ] CVE-2015-5352
64 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5352
65 [ 2 ] CVE-2015-5600
66 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5600
67 [ 3 ] CVE-2015-6563
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6563
69 [ 4 ] CVE-2015-6564
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6564
71 [ 5 ] CVE-2015-6565
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6565
73
74 Availability
75 ============
76
77 This GLSA and any updates to it are available for viewing at
78 the Gentoo Security Website:
79
80 https://security.gentoo.org/glsa/201512-04
81
82 Concerns?
83 =========
84
85 Security is a primary focus of Gentoo Linux and ensuring the
86 confidentiality and security of our users' machines is of utmost
87 importance to us. Any security concerns should be addressed to
88 security@g.o or alternatively, you may file a bug at
89 https://bugs.gentoo.org.
90
91 License
92 =======
93
94 Copyright 2015 Gentoo Foundation, Inc; referenced text
95 belongs to its owner(s).
96
97 The contents of this document are licensed under the
98 Creative Commons - Attribution / Share Alike license.
99
100 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature