Lucene search

Slackware Linux ProjectSSA-2016-070-01

HistoryMar 11, 2016 - 1:32 a.m.

[slackware-security] openssh

2016-03-1101:32:41

Slackware Linux Project

www.slackware.com

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.023 Low

EPSS

Percentile

89.6%

JSON

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/openssh-7.2p2-i486-1_slack14.1.txz: Upgraded.
This release fixes a security bug:
sshd(8): sanitise X11 authentication credentials to avoid xauth
command injection when X11Forwarding is enabled.
For more information, see:
http://www.openssh.com/txt/x11fwd.adv
https://vulners.com/cve/CVE-2016-3115
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssh-7.2p2-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssh-7.2p2-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssh-7.2p2-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssh-7.2p2-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssh-7.2p2-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssh-7.2p2-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssh-7.2p2-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssh-7.2p2-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssh-7.2p2-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssh-7.2p2-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-7.2p2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssh-7.2p2-x86_64-1.txz

MD5 signatures:

Slackware 13.0 package:
b972be1994a7ad698b480314dda8215c openssh-7.2p2-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
aa409bb0ad9c425e16275ff5a5dec8b8 openssh-7.2p2-x86_64-1_slack13.0.txz

Slackware 13.1 package:
2bcb8da4c750b54560a36306b72874d1 openssh-7.2p2-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
523287f90f00c280fad6e6de884d8ba8 openssh-7.2p2-x86_64-1_slack13.1.txz

Slackware 13.37 package:
d8276fcb0533d1871fa85d1eb4cd29b6 openssh-7.2p2-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
ef9a81022cc622a405038d64508ab4da openssh-7.2p2-x86_64-1_slack13.37.txz

Slackware 14.0 package:
9a1707edf5463bb8561d4342b193db6c openssh-7.2p2-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
d5bfb6d017ba5ace51aeb19a348793e0 openssh-7.2p2-x86_64-1_slack14.0.txz

Slackware 14.1 package:
aede849b3dacd510823c57f48f97b562 openssh-7.2p2-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
28a23b53f4b0ad1d39c174d85e434147 openssh-7.2p2-x86_64-1_slack14.1.txz

Slackware -current package:
09af232cbf886c9cda11a774d753f87f n/openssh-7.2p2-i586-1.txz

Slackware x86_64 -current package:
aeba7a5c4d0a91e5e35c9590b9c1d029 n/openssh-7.2p2-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg openssh-7.2p2-i486-1_slack14.1.txz

Next, restart the sshd daemon:
> sh /etc/rc.d/rc.sshd restart

OSVersionArchitecturePackageVersionFilename
Slackware13.0i486openssh< 7.2p2openssh-7.2p2-i486-1_slack13.0.txz
Slackware13.0x86_64openssh< 7.2p2openssh-7.2p2-x86_64-1_slack13.0.txz
Slackware13.1i486openssh< 7.2p2openssh-7.2p2-i486-1_slack13.1.txz
Slackware13.1x86_64openssh< 7.2p2openssh-7.2p2-x86_64-1_slack13.1.txz
Slackware13.37i486openssh< 7.2p2openssh-7.2p2-i486-1_slack13.37.txz
Slackware13.37x86_64openssh< 7.2p2openssh-7.2p2-x86_64-1_slack13.37.txz
Slackware14.0i486openssh< 7.2p2openssh-7.2p2-i486-1_slack14.0.txz
Slackware14.0x86_64openssh< 7.2p2openssh-7.2p2-x86_64-1_slack14.0.txz
Slackware14.1i486openssh< 7.2p2openssh-7.2p2-i486-1_slack14.1.txz
Slackware14.1x86_64openssh< 7.2p2openssh-7.2p2-x86_64-1_slack14.1.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	13.0	i486	openssh	< 7.2p2	openssh-7.2p2-i486-1_slack13.0.txz
Slackware	13.0	x86_64	openssh	< 7.2p2	openssh-7.2p2-x86_64-1_slack13.0.txz
Slackware	13.1	i486	openssh	< 7.2p2	openssh-7.2p2-i486-1_slack13.1.txz
Slackware	13.1	x86_64	openssh	< 7.2p2	openssh-7.2p2-x86_64-1_slack13.1.txz
Slackware	13.37	i486	openssh	< 7.2p2	openssh-7.2p2-i486-1_slack13.37.txz
Slackware	13.37	x86_64	openssh	< 7.2p2	openssh-7.2p2-x86_64-1_slack13.37.txz
Slackware	14.0	i486	openssh	< 7.2p2	openssh-7.2p2-i486-1_slack14.0.txz
Slackware	14.0	x86_64	openssh	< 7.2p2	openssh-7.2p2-x86_64-1_slack14.0.txz
Slackware	14.1	i486	openssh	< 7.2p2	openssh-7.2p2-i486-1_slack14.1.txz
Slackware	14.1	x86_64	openssh	< 7.2p2	openssh-7.2p2-x86_64-1_slack14.1.txz