Rapid7 Vulnerability & Exploit Database

RHSA-2016:0043: openssh security update


Severity
7
CVSS
(AV:N/AC:H/Au:S/C:P/I:P/A:P)
Published
01/14/2016
Created
07/25/2018
Added
01/18/2016
Modified
03/21/2018

Description

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. (CVE-2016-0777)

A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. (CVE-2016-0778)

Both flaws are in the client, not in sshd: they are triggered by connecting to a malicious or compromised server, so the openssh-clients package is the one that matters for exposure, and every client that has authenticated to an untrusted server should be treated as having potentially leaked its keys.

Red Hat would like to thank Qualys for reporting these issues.

All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

Solution(s)

  • redhat-upgrade-openssh
  • redhat-upgrade-openssh-askpass
  • redhat-upgrade-openssh-clients
  • redhat-upgrade-openssh-debuginfo
  • redhat-upgrade-openssh-keycat
  • redhat-upgrade-openssh-ldap
  • redhat-upgrade-openssh-server
  • redhat-upgrade-openssh-server-sysvinit
  • redhat-upgrade-pam_ssh_agent_auth
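Two checks an administrator typically wants after reading this advisory, written here as an added example (this is not code from the Rapid7 page or from Red Hat): whether the installed openssh-clients package already carries the backported fix, and whether the client-side mitigation is in place on hosts that cannot be updated yet. Two things are assumed that the page itself does not state: Red Hat names the fixed CVE IDs in the rpm changelog of the updated package, which is how a backport is verified without comparing version strings; and the roaming code can be switched off with the ssh_config option `UseRoaming no`, the workaround published with these CVEs. The sample configurations are constructed for the example.

```shell
#!/bin/sh
# Added example for RHSA-2016:0043 (CVE-2016-0777 / CVE-2016-0778).
# Not code from the advisory page or from Red Hat.
# Assumptions: "UseRoaming" is the ssh_config keyword that disables the
# roaming feature, and Red Hat's rpm changelog lists the CVE IDs fixed by a
# backport. Both come from the Qualys/Red Hat material on these CVEs.

# roaming_disabled CONFIG_TEXT
# Exit 0 if the global section of the given ssh_config text sets UseRoaming
# to "no". Keyword and value are case-insensitive, comments are stripped and
# "UseRoaming=no" is accepted, as ssh does. Scanning stops at the first
# Host/Match block because only the global section applies to every
# destination; ssh keeps the first value it sees, so a later "UseRoaming yes"
# cannot override an earlier "no".
roaming_disabled() {
    printf '%s\n' "$1" | awk '
        {
            line = $0
            sub(/#.*/, "", line)        # drop comments
            gsub(/=/, " ", line)        # "UseRoaming=no" -> "UseRoaming no"
            $0 = line                   # re-split into fields
            if (NF == 0) next
            key = tolower($1)
            if (key == "host" || key == "match") exit   # leaving the global section
            if (key == "useroaming") {
                if (tolower($2) == "no") found = 1
                exit                    # first occurrence wins
            }
        }
        END { exit found ? 0 : 1 }'
}

# with_roaming_disabled CONFIG_TEXT
# Print the config with "UseRoaming no" prepended unless it is already set
# globally. Prepending keeps it ahead of any Host block and ahead of an
# existing "UseRoaming yes".
with_roaming_disabled() {
    if roaming_disabled "$1"; then
        printf '%s\n' "$1"
    else
        printf 'UseRoaming no\n%s\n' "$1"
    fi
}

# changelog_mentions_fix PACKAGE
# Exit 0 if the installed package's changelog names CVE-2016-0777, exit 1 if
# it does not, exit 2 if rpm is not available so nothing can be concluded.
changelog_mentions_fix() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -q --changelog "$1" 2>/dev/null | grep -q 'CVE-2016-0777'
}

# Constructed sample configs (not taken from any real host).
VULNERABLE_CFG='# typical pre-2016 client config, roaming left at its default
Host *
    ForwardAgent no'

MITIGATED_CFG='# workaround for CVE-2016-0777 / CVE-2016-0778
UseRoaming no   # must sit in the global section, before any Host block
Host *
    ForwardAgent no'

# report NAME CONFIG_TEXT: show the verdict and the corrected config if needed.
report() {
    if roaming_disabled "$2"; then
        echo "$1: UseRoaming is disabled"
    else
        echo "$1: roaming is NOT disabled; corrected config:"
        with_roaming_disabled "$2" | sed 's/^/    /'
    fi
}

report VULNERABLE_CFG "$VULNERABLE_CFG"
report MITIGATED_CFG "$MITIGATED_CFG"

changelog_mentions_fix openssh-clients
case $? in
    0) echo "openssh-clients changelog names CVE-2016-0777: fix is installed" ;;
    1) echo "openssh-clients changelog does not name CVE-2016-0777: update needed" ;;
    *) echo "rpm not available here; cannot verify the package" ;;
esac
```

On a real RHEL 6/7 host the same check can be applied to `/etc/ssh/ssh_config` with `roaming_disabled "$(cat /etc/ssh/ssh_config)"`; the mitigation only covers the client's own config, so per-user `~/.ssh/config` files that set `UseRoaming yes` inside their global section would still need to be reviewed, and once the package from the advisory is installed the option is no longer needed.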
