ELSA-2013-0519

Опубликовано: 22 фев. 2013

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2013-0519: openssh security, bug fix and enhancement update (MODERATE)

[5.3p1-84.1]

Add a 'netcat mode' (ssh -W) (#860809)

[5.3p1-83]

fix the required authentications patch (#869903)

[5.3p1-82]

check return value of PK11_Authenticate in ssh-add -n (#782912)
document available methods to RequiredAuthentications[12] (#821641)
fix ssh-copy-id (#836650)
fix segmentation fault in ssh client (#836655)
update pam_ssh_agent_auth to 0.9.3 upstream version
fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent is not running (#834404)

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

openssh

5.3p1-84.1.el6

openssh-askpass

5.3p1-84.1.el6

openssh-clients

5.3p1-84.1.el6

openssh-ldap

5.3p1-84.1.el6

openssh-server

5.3p1-84.1.el6

pam_ssh_agent_auth

0.9.3-84.1.el6

Oracle Linux i686

openssh

5.3p1-84.1.el6

openssh-askpass

5.3p1-84.1.el6

openssh-clients

5.3p1-84.1.el6

openssh-ldap

5.3p1-84.1.el6

openssh-server

5.3p1-84.1.el6

pam_ssh_agent_auth

0.9.3-84.1.el6

Связанные CVE

CVE-2012-5536

Ссылки на источники

Связанные уязвимости

CVE-2012-5536

redhat

больше 12 лет назад

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.

CVE-2012-5536

nvd

больше 12 лет назад

GHSA-xw28-c23x-fjj4

github

больше 3 лет назад