神刀安全网

Update openssh for CVE-2015-5600 and CVE-2016-3115

On March 21st, the openssh package was updated to patch two moderate vulnerabilities: CVE-2015-5600 and CVE-2016-3115.

How to update

To update, use yum to update the openssh packages on your system. The updated packages are already out on the repos.

Check if it's available

Check to see if the update is available for you by using this yum command:

yum info openssh

If it shows a new version, then go ahead and update with:

yum update openssh

Once updated, you can check to see if you’re patched by running the following commands:

rpm -qa --changelog openssh | grep CVE-2015-5600

If you are patched, you will see:

- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969)

Then, check the other:

rpm -qa --changelog openssh | grep CVE-2016-3115

If you are patched, you will see:

- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816)
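
The two changelog checks above can be combined into one script that reports, per installed openssh package, which of the two fixes has no changelog entry. This is an added example, not part of the original post; the function names, the `--installed` and `--sample` switches and the sample changelog line are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: confirm every installed OpenSSH package carries both fixes.

REQUIRED_CVES="CVE-2015-5600 CVE-2016-3115"   # the two CVEs named on this page

# Constructed sample: changelog of a package that has only the first fix.
SAMPLE_CHANGELOG='- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969)'

# missing_cves: read an RPM changelog on stdin, print the required CVE IDs it
# never mentions, and return 0 only when none are missing.
missing_cves() {
    local changelog cve missing=""
    changelog=$(cat)
    for cve in $REQUIRED_CVES; do
        # -w keeps CVE-2015-5600 from matching inside a longer ID
        if ! printf '%s\n' "$changelog" | grep -qw -- "$cve"; then
            missing="$missing $cve"
        fi
    done
    missing=${missing# }
    [ -n "$missing" ] && printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# check_installed: apply missing_cves to each installed openssh* package.
# Needs rpm, so it only works on an RPM-based host such as CentOS.
check_installed() {
    local pkg missing rc=0 seen=0
    for pkg in $(rpm -qa 'openssh*'); do
        seen=1
        if missing=$(rpm -q --changelog "$pkg" | missing_cves); then
            echo "patched  $pkg"
        else
            echo "MISSING  $pkg (no changelog entry for: $missing)"
            rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no openssh packages installed" >&2; return 2; }
    return "$rc"
}

case "${1:-}" in
    --installed) check_installed ;;
    --sample)    printf '%s\n' "$SAMPLE_CHANGELOG" | missing_cves ;;   # prints CVE-2016-3115
esac
```

Run it with `--installed` on the host being checked; a non-zero exit status means at least one package lacks one of the two changelog entries.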

More info

CVE-2015-5600

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (Quote from RedHat announcement)

CVE-2016-3115

It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (Quote from RedHat announcement)

Below are the packages that are being shot out to the mirrors:

