
ELSA-2018-0980

Published: 16 Apr 2018
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2018-0980: openssh security, bug fix, and enhancement update (LOW)

[7.4p1-16 + 0.10.3-2]

  • Fix for CVE-2017-15906 (#1517226)

[7.4p1-15 + 0.10.3-2]

  • Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
  • Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268)
  • Do not segfault in audit code during cleanup (#1488083)
  • Add WinSCP 5.10+ compatibility (#1496808)
  • Clash between ClientAlive and rekeying timeouts (#1480510)
  • Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853)
  • Add enablement for openssl-ibmca and openssl-ibmpkcs11 (#1478035)

[7.4p1-14 + 0.10.3-2]

  • Rebuilt for RHEL-7.5

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  • openssh: 7.4p1-16.el7
  • openssh-askpass: 7.4p1-16.el7
  • openssh-cavs: 7.4p1-16.el7
  • openssh-clients: 7.4p1-16.el7
  • openssh-keycat: 7.4p1-16.el7
  • openssh-ldap: 7.4p1-16.el7
  • openssh-server: 7.4p1-16.el7
  • openssh-server-sysvinit: 7.4p1-16.el7
  • pam_ssh_agent_auth: 0.10.3-2.16.el7

Oracle Linux x86_64

  • openssh: 7.4p1-16.el7
  • openssh-askpass: 7.4p1-16.el7
  • openssh-cavs: 7.4p1-16.el7
  • openssh-clients: 7.4p1-16.el7
  • openssh-keycat: 7.4p1-16.el7
  • openssh-ldap: 7.4p1-16.el7
  • openssh-server: 7.4p1-16.el7
  • openssh-server-sysvinit: 7.4p1-16.el7
  • pam_ssh_agent_auth: 0.10.3-2.16.el7

Related CVEs

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 8 years ago

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVSS3: 4.3
redhat
about 8 years ago

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVSS3: 5.3
nvd
about 8 years ago

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVSS3: 5.3
debian
about 8 years ago

The process_open function in sftp-server.c in OpenSSH before 7.6 does ...

CVSS3: 5.3
github
more than 3 years ago

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.