Joined: 12 May 2004
|Posted: Sun May 11, 2014 2:26 pm Post subject: [ GLSA 201405-06 ] OpenSSH: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: OpenSSH: Multiple vulnerabilities (GLSA 201405-06)
Date: May 11, 2014
Bug(s): #231292, #247466, #386307, #410869, #419357, #456006, #505066
Multiple vulnerabilities have been found in OpenSSH, the worst of
which may allow remote attackers to execute arbitrary code.
OpenSSH is a complete SSH protocol implementation that includes an SFTP
client and server support.
Vulnerable: < 6.6_p1-r1
Unaffected: >= 6.6_p1-r1
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in OpenSSH. Please review
the CVE identifiers referenced below for details.
A remote attacker could execute arbitrary code, cause a Denial of
Service condition, obtain sensitive information, or bypass environment
There is no known workaround at this time.
All OpenSSH users should upgrade to the latest version:
NOTE: One or more of the issues described in this advisory have been
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1"
fixed in previous updates. They are included in this advisory for the
sake of completeness. It is likely that your system is already no longer
affected by them.