Updated openssh packages fix security vulnerability

🗓️ 10 Mar 2016 23:37:43Reported by Gentoo FoundationType

Updated openssh packages fix security vulnerability. Missing sanitisation of untrusted input allows injection of commands to xauth(1) (CVE-2016-3115)

Reporter	Title	Published	Views	Family All 205
0day.today	DropBearSSHD 2015.71 - Command Injection	3 Mar 201600:00	–	zdt
0day.today	OpenSSH 7.2p1 - Authenticated xauth Command Injection	16 Mar 201600:00	–	zdt
0day.today	BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Root Exploit	5 Dec 201600:00	–	zdt
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM)	18 Jun 201801:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)	16 Jun 201821:44	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSH affect IBM i (CVE-2016-1907, CVE-2016-1908, CVE-2016-3115)	18 Dec 201914:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)	16 Jun 201821:44	–	ibm
IBM Security Bulletins	Security Bulletin: A Vulnerability in OpenSSH and Multiple Vulnerabilities in OpenSSL affect IBM GPFS V3.5 for Windows	25 Jun 202116:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSH affect Power Hardware Management Console	23 Sep 202101:31	–	ibm
ALT Linux	Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.2	14 Mar 201600:00	–	altlinux

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	5	any	openssh	6.6p1-5.7	openssh-6.6p1-5.7.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
openssh	www.openssh.com/txt/x11fwd.adv
openwall	www.openwall.com/lists/oss-security/2016/03/10/16

10 Mar 2016 23:37Current

3.2Low risk

Vulners AI Score3.2

CVSS 25.5

CVSS 36.4

CVSS 3.16.4

EPSS0.37016

SSVC