Gentoo Logo

OpenSSH: Multiple vulnerabilities

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 201405-06 / openssh
Release Date May 11, 2014
Latest Revision May 11, 2014: 1
Impact high
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/openssh < 6.6_p1-r1 >= 6.6_p1-r1 All supported architectures

Related bugreports: #231292, #247466, #386307, #410869, #419357, #456006, #505066

Synopsis

Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code.

2.  Impact Information

Background

OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support.

Description

Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or bypass environment restrictions.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1"

NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.

4.  References



Print

Page updated May 11, 2014

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.