Oval Definition: oval:com.redhat.rhsa:def:20160043
Revision Date: 2016-01-14
Version: 639
Title: RHSA-2016:0043: openssh security update (Moderate)
Description: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

  • An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. (CVE-2016-0777)

  • A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. (CVE-2016-0778)

Red Hat would like to thank Qualys for reporting these issues.

All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

Family: unix
Class: patch
Status:
Reference(s): CVE-2016-0777, CVE-2016-0778, RHSA-2016:0043, RHSA-2016:0043-00, RHSA-2016:0043-01
Platform(s): Red Hat Enterprise Linux 7
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 7 is installed
      • AND
          • openssh is earlier than 0:6.6.1p1-23.el7_2 AND openssh is signed with Red Hat redhatrelease2 key
          • openssh-askpass is earlier than 0:6.6.1p1-23.el7_2 AND openssh-askpass is signed with Red Hat redhatrelease2 key
          • openssh-clients is earlier than 0:6.6.1p1-23.el7_2 AND openssh-clients is signed with Red Hat redhatrelease2 key
          • openssh-keycat is earlier than 0:6.6.1p1-23.el7_2 AND openssh-keycat is signed with Red Hat redhatrelease2 key
          • openssh-ldap is earlier than 0:6.6.1p1-23.el7_2 AND openssh-ldap is signed with Red Hat redhatrelease2 key
          • openssh-server is earlier than 0:6.6.1p1-23.el7_2 AND openssh-server is signed with Red Hat redhatrelease2 key
          • openssh-server-sysvinit is earlier than 0:6.6.1p1-23.el7_2 AND openssh-server-sysvinit is signed with Red Hat redhatrelease2 key
          • pam_ssh_agent_auth is earlier than 0:0.9.3-9.23.el7_2 AND pam_ssh_agent_auth is signed with Red Hat redhatrelease2 key