Oval Definition:oval:com.redhat.rhsa:def:20170641
Revision Date:2017-03-21Version:637
Title:RHSA-2017:0641: openssh security and bug fix update (Moderate)
Description:OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325)

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2015-8325
    RHSA-2017:0641
    RHSA-2017:0641-00
    RHSA-2017:0641-01
    RHSA-2017:0641-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • openssh is earlier than 0:5.3p1-122.el6
  • AND openssh is signed with Red Hat redhatrelease2 key
  • openssh-askpass is earlier than 0:5.3p1-122.el6
  • AND openssh-askpass is signed with Red Hat redhatrelease2 key
  • openssh-clients is earlier than 0:5.3p1-122.el6
  • AND openssh-clients is signed with Red Hat redhatrelease2 key
  • openssh-ldap is earlier than 0:5.3p1-122.el6
  • AND openssh-ldap is signed with Red Hat redhatrelease2 key
  • openssh-server is earlier than 0:5.3p1-122.el6
  • AND openssh-server is signed with Red Hat redhatrelease2 key
  • pam_ssh_agent_auth is earlier than 0:0.9.3-122.el6
  • AND pam_ssh_agent_auth is signed with Red Hat redhatrelease2 key
    • BACK