Gentoo Logo

OpenSSH: Multiple vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 201405-06 / openssh
Release Date May 11, 2014
Latest Revision May 11, 2014: 1
Impact high
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/openssh < 6.6_p1-r1 >= 6.6_p1-r1 All supported architectures

Related bugreports: #231292, #247466, #386307, #410869, #419357, #456006, #505066


Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code.

2.  Impact Information


OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support.


Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.


A remote attacker could execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or bypass environment restrictions.

3.  Resolution Information


There is no known workaround at this time.


All OpenSSH users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1"

NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.

4.  References


Page updated May 11, 2014

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.