AXSA:2016-145:01

Release date: 
Tuesday, March 22, 2016 - 03:58
Subject: 
openssh-5.3p1-114.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

Security issues fixed with this release:

CVE-2015-5600
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH
through 6.9 does not properly restrict the processing of
keyboard-interactive devices within a single connection, which makes
it easier for remote attackers to conduct brute-force attacks or cause
a denial of service (CPU consumption) via a long and duplicative list
in the ssh -oKbdInteractiveDevices option, as demonstrated by a
modified client that provides a different password for each pam
element on this list.
CVE-2016-3115
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. openssh-5.3p1-114.AXS4.src.rpm
    MD5: 9ebf0bd3429b60fc3b8891443d798cf4
    SHA-256: 671f8173a1396c1c92c9b5ca6660dbd5d544f7df974f8ac5a490c9938dac1c25
    Size: 1.43 MB

Asianux Server 4 for x86
  1. openssh-5.3p1-114.AXS4.i686.rpm
    MD5: 07fed98e9319720a0c38500d2c1160a8
    SHA-256: 888d08ccaf1c737ca0b18cbcbd928c07ee3cc4261d1602b5a56100a61f3c4f3c
    Size: 276.18 kB
  2. openssh-askpass-5.3p1-114.AXS4.i686.rpm
    MD5: 0fa0b71afc9e32f7630dc97ce2268421
    SHA-256: e0c4f0bc979ed8f91d784e3992e66322bf3b8d450643aecb94cad504ed7f9dbe
    Size: 57.98 kB
  3. openssh-clients-5.3p1-114.AXS4.i686.rpm
    MD5: d4ffbf0d5b7abc359d848468c35cac2b
    SHA-256: cc6debef6ba7ceb7e7a23da2b6693ce013a5b2e005a287bdf02d971775d96539
    Size: 444.55 kB
  4. openssh-server-5.3p1-114.AXS4.i686.rpm
    MD5: 20ae95099cdb403163e5b0b42c6e163d
    SHA-256: 9a2eea024ec2019b8e0f107d68135d4f78970078ecae19ce322704cf6c15722d
    Size: 322.33 kB

Asianux Server 4 for x86_64
  1. openssh-5.3p1-114.AXS4.x86_64.rpm
    MD5: d8df20bd224283b6f72f74b0cf6a46ce
    SHA-256: 75814a7a8d98bbe370ccdbe15faea8f6fb75093c94525179faa68920ccd36fc2
    Size: 273.30 kB
  2. openssh-askpass-5.3p1-114.AXS4.x86_64.rpm
    MD5: 309129d99e06e8cb8f8c4b45b2ada913
    SHA-256: 196db5da14c9502a82805496e57a9878e14a6205216aa476bb8bde3e84e48a9d
    Size: 57.71 kB
  3. openssh-clients-5.3p1-114.AXS4.x86_64.rpm
    MD5: 87e622a58f6d0727b95eff83da6ab982
    SHA-256: 6351ac333275c006fea4fa7fb30789a5a2c6773395165aa78b8a77e064856c31
    Size: 437.71 kB
  4. openssh-server-5.3p1-114.AXS4.x86_64.rpm
    MD5: 3b58c32335f53a42369a14154476123a
    SHA-256: 18345e62a3b62addc3657414ec58e183bed516060c800cb2b51c230afe704f6c
    Size: 323.34 kB
Copyright© 2007-2015 Asianux. All rights reserved.