openssh-7.4p1-16.el7

エラータID: AXSA:2018-2845:01

Release date: 
Tuesday, April 17, 2018 - 14:29
Subject: 
openssh-7.4p1-16.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: Improper write operations in readonly mode allow for zero-length file creation (CVE-2017-15906)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.5 Release Notes linked from the References section.

CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Solution: 

Update packages.

CVEs: 
CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Additional Info: 

N/A

Download: 

SRPMS
  1. openssh-7.4p1-16.el7.src.rpm
    MD5: bcbd45aef63056372f0735e776422071
    SHA-256: 0259f731d282598fb48f00ca263b69d7a07524879da89407a9c7c6c40278ed72
    Size: 2.73 MB

Asianux Server 7 for x86_64
  1. openssh-7.4p1-16.el7.x86_64.rpm
    MD5: 7b22137ecbbbe057e0e796fb3a72703a
    SHA-256: 7c5b1c54505b3a9b418c137999d789af4f5fdb59b42abeeb4356be715719946b
    Size: 508.18 kB
  2. openssh-askpass-7.4p1-16.el7.x86_64.rpm
    MD5: 2af5bcf72e8ccfd156af03741a5e09f1
    SHA-256: ab46d7beb9f563b3ffb8846df53135845726acb3d3fc79466d646e382a373fbd
    Size: 75.31 kB
  3. openssh-clients-7.4p1-16.el7.x86_64.rpm
    MD5: bfa025bcc965478a391ace4a17f773a9
    SHA-256: 55cec0e2c6e95308f0f594d56285de8b79c1b34d1c1fdc099ab9358eabdb462f
    Size: 652.98 kB
  4. openssh-keycat-7.4p1-16.el7.x86_64.rpm
    MD5: 7f90496317383b9e785be71840b857f1
    SHA-256: bc57546416e24cf278e77dca70aa5eeacccbcf4a0fe93d7ae5effff3c09039e1
    Size: 95.60 kB
  5. openssh-server-7.4p1-16.el7.x86_64.rpm
    MD5: cc45650b2156e9733dde95564378a7cb
    SHA-256: 753150fe774f4309b2559327b0ce510a20cb57aba5bf223e3e10f80f35d051c1
    Size: 457.42 kB