openssh-6.6.1p1-22.el7

SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

Security issues fixed with this release:

CVE-2015-5600
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH
through 6.9 does not properly restrict the processing of
keyboard-interactive devices within a single connection, which makes
it easier for remote attackers to conduct brute-force attacks or cause
a denial of service (CPU consumption) via a long and duplicative list
in the ssh -oKbdInteractiveDevices option, as demonstrated by a
modified client that provides a different password for each pam
element on this list.
CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD
platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX
requests, which allows local users to conduct impersonation attacks by
leveraging any SSH login access in conjunction with control of the
sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to
monitor.c and monitor_wrap.c.
CVE-2015-6564
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in
monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might
allow local users to gain privileges by leveraging control of the sshd
uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

Fixed bugs:

* Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update improves the man page text to clearly describe the AllowGroups feature.
* The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug.
* When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to "2", multiplexed SSH connections did not work as expected. After the user attempted to open a second multiplexed connection, the attempt failed if the first connection was still open. This update modifies OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed connections in this situation.
* The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like shells.
* Due to a race condition between auditing messages and answers when using ControlMaster multiplexing, one session in the shared connection randomly and unexpectedly exited the connection. This update fixes the race condition in the auditing code, and multiplexing connections now work as expected even with a number of sessions created at once.
Enhancements:

* As not all Lightweight Directory Access Protocol (LDAP) servers possess a default schema, as expected by the ssh-ldap-helper program, this update provides the user with an ability to adjust the LDAP query to get public keys from servers with a different schema, while the default functionality stays untouched.
* With this enhancement update, the administrator is able to set permissions for files uploaded using Secure File Transfer Protocol (SFTP).
* This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted by OpenLDAP.
* With this update, the user can selectively disable the Generic Security Services API (GSSAPI) key exchange algorithms as any normal key exchange.