RHSA-2013:0519: openssh security, bug fix and enhancement update
|6||(AV:L/AC:H/Au:N/C:C/I:C/A:C)||February 21, 2013||February 21, 2013||July 04, 2017|
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. Thesepackages include the core files necessary for the OpenSSH client andserver.Due to the way the pam_ssh_agent_auth PAM module was built in Red HatEnterprise Linux 6, the glibc's error() function was called rather than theintended error() function in pam_ssh_agent_auth to report errors. As thesetwo functions expect different arguments, it was possible for an attackerto cause an application using pam_ssh_agent_auth to crash, discloseportions of its memory or, potentially, execute arbitrary code.(CVE-2012-5536)Note that the pam_ssh_agent_auth module is not used in Red Hat EnterpriseLinux 6 by default.This update also fixes the following bugs:This update also adds the following enhancements:All users of openssh are advised to upgrade to these updated packages,which fix these issues and add these enhancements. After installing thisupdate, the OpenSSH server daemon (sshd) will be restarted automatically.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities