GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun May 11, 2014 2:26 pm Post subject: [ GLSA 201405-06 ] OpenSSH: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: OpenSSH: Multiple vulnerabilities (GLSA 201405-06)
Severity: high
Exploitable: remote
Date: May 11, 2014
Bug(s): #231292, #247466, #386307, #410869, #419357, #456006, #505066
ID: 201405-06
Synopsis
Multiple vulnerabilities have been found in OpenSSH, the worst of
which may allow remote attackers to execute arbitrary code.
Background
OpenSSH is a complete SSH protocol implementation that includes an SFTP
client and server support.
Affected Packages
Package: net-misc/openssh
Vulnerable: < 6.6_p1-r1
Unaffected: >= 6.6_p1-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in OpenSSH. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could execute arbitrary code, cause a Denial of
Service condition, obtain sensitive information, or bypass environment
restrictions.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSH users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1"
NOTE: One or more of the issues described in this advisory have been
fixed in previous updates. They are included in this advisory for the
sake of completeness. It is likely that your system is already no longer
affected by them.
References
CVE-2008-5161
CVE-2010-4478
CVE-2010-4755
CVE-2010-5107
CVE-2011-5000
CVE-2012-0814
CVE-2014-2532