4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
69.3%
New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.
Here are the details from the Slackware 14.1 ChangeLog:
patches/packages/openssh-6.6p1-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue when using environment passing with
a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be
tricked into accepting any environment variable that contains the
characters before the wildcard character.
For more information, see:
https://vulners.com/cve/CVE-2014-2532
(* Security fix *)
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssh-5.9p1-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssh-5.9p1-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssh-5.9p1-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssh-5.9p1-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssh-5.9p1-i486-3_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssh-5.9p1-x86_64-3_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssh-6.6p1-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssh-6.6p1-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssh-6.6p1-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssh-6.6p1-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-6.6p1-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssh-6.6p1-x86_64-1.txz
MD5 signatures:
Slackware 13.0 package:
0729d3be6a1886c2462522110333abc0 openssh-5.9p1-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
a474f048de648347207bacb21b5f8f28 openssh-5.9p1-x86_64-1_slack13.0.txz
Slackware 13.1 package:
8df387cdf44f359a9de7c3e40ea321c6 openssh-5.9p1-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
e7eb361401849bbcfb0e20ea17181836 openssh-5.9p1-x86_64-1_slack13.1.txz
Slackware 13.37 package:
8404668d896f81b44ddd5e6e2985f590 openssh-5.9p1-i486-3_slack13.37.txz
Slackware x86_64 13.37 package:
b50bb951453824e53dcddbdf1d571561 openssh-5.9p1-x86_64-3_slack13.37.txz
Slackware 14.0 package:
755d1ec29f80ac40636741ddf618715a openssh-6.6p1-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
cc74307ab8875a8fa04a87f18b0cd216 openssh-6.6p1-x86_64-1_slack14.0.txz
Slackware 14.1 package:
1dcb917e01fa83d1cabd59378c81dd32 openssh-6.6p1-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
dfb1f98206ce1e2300fea647a5281486 openssh-6.6p1-x86_64-1_slack14.1.txz
Slackware -current package:
7a5f7c123c397d040fff868afbf86e8b n/openssh-6.6p1-i486-1.txz
Slackware x86_64 -current package:
e6d3cced2c7c9e642d8982b27295a408 n/openssh-6.6p1-x86_64-1.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg openssh-6.6p1-i486-1_slack14.1.txz
Next, restart the sshd daemon:
> sh /etc/rc.d/rc.sshd restart
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
69.3%