GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Dec 21, 2015 2:26 pm Post subject: [ GLSA 201512-04 ] OpenSSH |
|
|
Gentoo Linux Security Advisory
Title: OpenSSH: Multiple vulnerabilities (GLSA 201512-04)
Severity: normal
Exploitable: remote
Date: December 20, 2015
Updated: December 21, 2015
Bug(s): #553724, #555518, #557340
ID: 201512-04
Synopsis
Multiple vulnerabilities have been found in OpenSSH, the worst of
which could lead to arbitrary code execution, or cause a Denial of Service
condition.
Background
OpenSSH is a complete SSH protocol implementation that includes an SFTP
client and server support.
Affected Packages
Package: net-misc/openssh
Vulnerable: < 7.1_p1-r2
Unaffected: >= 7.1_p1-r2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in OpenSSH. Please review
the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All openssh users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-7.1_p1-r2"
|
References
CVE-2015-5352
CVE-2015-5600
CVE-2015-6563
CVE-2015-6564
CVE-2015-6565
Last edited by GLSA on Tue Dec 22, 2015 4:18 am; edited 1 time in total |
|