RE: [SECURITY] [DSA 3550-1] openssh security update

To: "'debian-security@lists.debian.org'" <debian-security@lists.debian.org>, "debian-security-announce@lists.debian.org" <debian-security-announce@lists.debian.org>
Subject: RE: [SECURITY] [DSA 3550-1] openssh security update
From: Damien MURE <Damien.MURE@atih.sante.fr>
Date: Mon, 18 Apr 2016 07:22:39 +0000
Message-id: <[🔎] 20160418073621.927D1135@bendel.debian.org>
In-reply-to: <20160415170909.GA23855@pisco.westfalen.local>
References: <20160415170909.GA23855@pisco.westfalen.local>

Mise à jour securité sur ssh.

A+



Damien Mure
Ingénieur Systèmes & Réseaux
Pôle Système et réseau - Service Architecture et production informatiques
Agence technique de l'information sur l'hospitalisation (ATIH)
117, bd Marius Vivier Merle 69329 Lyon cedex 03
Tél: 04 37 91 33 18
damien.mure@atih.sante.fr - www.atih.sante.fr 



-----Message d'origine-----
De : Moritz Muehlenhoff [mailto:jmm@debian.org] 
Envoyé : vendredi 15 avril 2016 19:09
À : debian-security-announce@lists.debian.org
Objet : [SECURITY] [DSA 3550-1] openssh security update
Importance : Haute

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3550-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 15, 2016                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssh
CVE ID         : CVE-2015-8325

Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root.

In Debian "UseLogin" is not enabled by default.

For the oldstable distribution (wheezy), this problem has been fixed in version 6.0p1-4+deb7u4.

For the stable distribution (jessie), this problem has been fixed in version 6.7p1-5+deb8u2.

For the unstable distribution (sid), this problem has been fixed in version 1:7.2p2-3.

We recommend that you upgrade your openssh packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXER/aAAoJEBDCk7bDfE42NewQAI+mY4sv/x7S9hBMTqozVfKs
9G2H2qAfE23PIs3a/IPsdmdTK+baavJBCWMKSQCgaBcorl+t1dE8hWBnWu7Hp+SY
jBh+a8jTr6ZvaTVotePwmyjLeJiHoQ6YmgMS41QT05dxXhuVmFYAtCZ2oF6isxGk
vgVdsHDfZ4Z72b5CODACyAG1twmFgqWu7VNwqhqNGfA/+vgNrk5iAa2b5iOAbXrh
AyzVFFuQr+vbvHlAI/fBW/oeHvlDZuTUiNqRGQ4I0ELiFcjBJoTUo08qXww1GFU9
aIwO0w/rv/qmRFzDK5dasA/VSGza8pmdXj64HcDFNdpoJPrwL3JD/PT1l3sA4vcW
GaNsmHn8ZQAMSn50WomPiqrwc+4F+fcXRz/VTUrQdrIplQ7NikB26oxB8Y3/8rws
Pzjv6MDOF+LSMAoC6E7NjeAO6S55cXv6VCoRMPYEDVcVcwOKqxXCvA4p/3wBo/D6
okZI0DgrwbygBMlpSUyF6c3QDgazgzVvdPed3sZnBPMEvbFbaPEO52ijQpT/majX
wZtENdhTD4vX7glwBoA67ZRRBVSjpTZu2jTELFLjJaOOMCPWrj+GEE65wWDYa+Sx
es1bq7thEuR/sV1QJf3XDt8KQHLF836ixL9c6XblvqNBXSr98yf8ZFZM5nqgq/2O
MrVWLIbaBJbfUSXBINTp
=sYuW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: RE: [SECURITY] [DSA 3549-1] chromium-browser security update
Next by Date: Re: [SECURITY] [DSA 3552-1] tomcat7 security update
Previous by thread: R: Re: [SECURITY] [DSA 3549-1] chromium-browser security update
Next by thread: Re: [SECURITY] [DSA 3552-1] tomcat7 security update
Index(es):
- Date
- Thread