8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
67.3%
CentOS Errata and Security Advisory CESA-2016:0043
OpenSSH is OpenBSD’s SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.
An information leak flaw was found in the way the OpenSSH client roaming
feature was implemented. A malicious server could potentially use this flaw
to leak portions of memory (possibly including private SSH keys) of a
successfully authenticated OpenSSH client. (CVE-2016-0777)
A buffer overflow flaw was found in the way the OpenSSH client roaming
feature was implemented. A malicious server could potentially use this flaw
to execute arbitrary code on a successfully authenticated OpenSSH client if
that client used certain non-default configuration options. (CVE-2016-0778)
Red Hat would like to thank Qualys for reporting these issues.
All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-January/083776.html
Affected packages:
openssh
openssh-askpass
openssh-clients
openssh-keycat
openssh-ldap
openssh-server
openssh-server-sysvinit
pam_ssh_agent_auth
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0043
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | openssh | < 6.6.1p1-23.el7_2 | openssh-6.6.1p1-23.el7_2.x86_64.rpm |
CentOS | 7 | x86_64 | openssh-askpass | < 6.6.1p1-23.el7_2 | openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm |
CentOS | 7 | x86_64 | openssh-clients | < 6.6.1p1-23.el7_2 | openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm |
CentOS | 7 | x86_64 | openssh-keycat | < 6.6.1p1-23.el7_2 | openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm |
CentOS | 7 | x86_64 | openssh-ldap | < 6.6.1p1-23.el7_2 | openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm |
CentOS | 7 | x86_64 | openssh-server | < 6.6.1p1-23.el7_2 | openssh-server-6.6.1p1-23.el7_2.x86_64.rpm |
CentOS | 7 | x86_64 | openssh-server-sysvinit | < 6.6.1p1-23.el7_2 | openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm |
CentOS | 7 | i686 | pam_ssh_agent_auth | < 0.9.3-9.23.el7_2 | pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm |
CentOS | 7 | x86_64 | pam_ssh_agent_auth | < 0.9.3-9.23.el7_2 | pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm |
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
67.3%