openssh-7.4p1-11.el7

エラータID: AXSA:2017-1912:03

リリース日: 
2017/08/28 Monday - 05:47
題名: 
openssh-7.4p1-11.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH
before 7.2 allows remote attackers to execute arbitrary local PKCS#11
modules by leveraging control over a forwarded agent-socket.

CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.2 does not properly consider the
effects of realloc on buffer contents, which might allow local users to obtain
sensitive private-key information by leveraging access to a
privilege-separated child process.

CVE-2016-10012
The shared memory manager (associated with pre-authentication compression)
in sshd in OpenSSH before 7.2 does not ensure that a bounds check is
enforced by all compilers, which might allows local users to gain privileges by
leveraging access to a sandboxed privilege-separation process, related to the
m_zback and m_zlib data structures.

解決策: 

Update packages.

CVE: 
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVE-2016-10012
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. openssh-7.4p1-11.el7.src.rpm
    MD5: 31569f3bbe12616aeca6ed9c3393e3f3
    SHA-256: c65ea54999a59e5f838e40f429537f6c19bf87e480a582afda11880c109fc508
    Size: 2.72 MB

Asianux Server 7 for x86_64
  1. openssh-7.4p1-11.el7.x86_64.rpm
    MD5: 2c81677a402fffbba3eb9d8d5ae72ac8
    SHA-256: fd346f621765e3133d35b0f55a938d4ee489f4d804f19ed735e905a8b74d28cd
    Size: 507.92 kB
  2. openssh-askpass-7.4p1-11.el7.x86_64.rpm
    MD5: e22c01f0fd56c7fb64ac2e70dd5ce242
    SHA-256: 9a6443dc2422056dc25b4e7d5d4c3cc601216040c3f0bf91c5297247608dde4b
    Size: 74.39 kB
  3. openssh-clients-7.4p1-11.el7.x86_64.rpm
    MD5: ca4d01737ebdfbf10a9736f41e66d87c
    SHA-256: a46add670f57c2e11e50a4fb01b75c48c34f69927ce9d31f37d7a50455eb47b8
    Size: 652.46 kB
  4. openssh-keycat-7.4p1-11.el7.x86_64.rpm
    MD5: f1dff377de3b811ee8c22d9e393eedf7
    SHA-256: 1db46fa0175d3453c9f947f3ef8c92cd081d387911146f02546800081d895caf
    Size: 94.65 kB
  5. openssh-server-7.4p1-11.el7.x86_64.rpm
    MD5: 693b029db6d343f7d19a752980aa40e0
    SHA-256: 5efd247cb5fd28774697f6e7eafa75d2dd6c17d924984f3da6df2eb192d88b13
    Size: 456.55 kB