
[BSA-087] Security Update for openssh

Colin Watson uploaded new packages for openssh which fixed the following
security problems:

  A memory corruption vulnerability exists in the post-authentication
  sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or
  aes256-gcm@openssh.com) is selected during key exchange.

  If exploited, this vulnerability might permit code execution with the
  privileges of the authenticated user and may therefore allow bypassing
  restricted shell/command configurations.


For the wheezy-backports distribution, this problem has been fixed in
version 1:6.4p1-1~bpo70+1.

For the testing (jessie) and unstable (sid) distributions, this problem
has been fixed in version 1:6.4p1-1.

Other distributions are not vulnerable.

Colin Watson                                       [cjwatson@debian.org]
