46 matches found
Oracle Linux 6 : openssh (ELSA-2014-1552)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1552 advisory. - prevent a server from skipping SSHFP lookup 1081338 CVE-2014-2653 - ignore environment variables with embedded '=' or '\0' characters CVE-2014-2532...
Moderate: Red Hat Security Advisory: openssh security, bug fix, and enhancement update
Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
AIX OpenSSH Vulnerability : openssh_advisory4.asc
The version of OpenSSH running on the remote host is affected by multiple security bypass vulnerabilities: - sshd in OpenSSH versions before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows a remote attacker to bypass intended environment restrictions by using ...
SuSE 11.3 Security Update : openssh (SAT Patch Number 9357)
This update for OpenSSH fixes the following issues: - Exit sshd normally when port is already in use. (bnc#832628) - Use hardware crypto engines where available. (bnc#826427) - Use correct options for login when it is used. (bnc#833605) - Move FIPS messages to higher debug level. (bnc#862875) - Fix forwardi...
Fedora 19 : openssh-6.2p2-8.fc19 (2014-6569)
environment variables with embedded '=' or '\0' characters are now ignored - prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys - /etc/ssh/moduli is readable by all now - ssh-copy-id is run in so called legacy mode when SSH_COPY_ID_LEGACY...
Fedora 20 : openssh-6.4p1-4.fc20 (2014-6380)
environment variables with embedded '=' or '\0' characters are now ignored - prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys - ssh-agent is now suspend-aware as it gets also CLOCK_BOOTTIME time - /etc/ssh/moduli is readable by all now...
[BSA-095] Security Update for openssh
Colin Watson uploaded new packages for openssh which fixed the following security problems: CVE-2014-2532 DSA-2894-1 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable...
Mandriva Linux Security Advisory : openssh (MDVSA-2014:068)
Updated openssh packages fix security vulnerabilities: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...
OpenSSH Certificate Validation Security Bypass Vulnerability
OpenSSH is prone to a security bypass vulnerability...
Updated openssh packages fix CVE-2014-2653
Updated openssh packages fix security vulnerability: Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a...
MGASA-2014-0166 Updated openssh packages fix CVE-2014-2653
Updated openssh packages fix security vulnerability: Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a...
Ubuntu Update for openssh USN-2164-1
Check for the Version of openssh...
Ubuntu: Security Advisory (USN-2164-1)
The remote host is missing an update for the...
[USN-2164-1] OpenSSH vulnerability
Ubuntu Security Notice USN-2164-1, April 07, 2014: openssh vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu 12.04 LTS / 12.10 / 13.10 : openssh vulnerability (USN-2164-1)
Matthew Vernon discovered that OpenSSH did not correctly check SSHFP DNS records if a server presented an unacceptable host certificate. A malicious server could use this issue to disable SSHFP checking. Note that Tenable Network Security has extracted the preceding description block directly fro...
OpenSSH protection bypass
SSHFP protection bypass for client...
Debian DSA-2894-1 : openssh - security update
Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-2532 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker...
[SECURITY] [DSA 2894-1] openssh security update
Debian Security Advisory DSA-2894-1, http://www.debian.org/security/, Salvatore Bonaccorso, April 05, 2014, http://www.debian.org/security/faq -...
DSA-2894-1 openssh - security update
Bulletin has no description...
Debian Security Advisory DSA 2894-1 (openssh - security update)
Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-2532 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker coul...