RHSA-2016:0465: openssh security update
Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.These packages include the core files necessary for both the OpenSSH clientand server.It was discovered that the OpenSSH server did not sanitize data receivedin requests to enable X11 forwarding. An authenticated client withrestricted SSH access could possibly use this flaw to bypass intendedrestrictions. (CVE-2016-3115)An access flaw was discovered in OpenSSH; the OpenSSH client did notcorrectly handle failures to generate authentication cookies for untrustedX11 forwarding. A malicious or compromised remote X application couldpossibly use this flaw to establish a trusted connection to the local Xserver, even if only untrusted X11 forwarding was requested.(CVE-2016-1908)All openssh users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. After installing thisupdate, the OpenSSH server daemon (sshd) will be restarted automatically.
Solution(s)
- redhat-upgrade-openssh
- redhat-upgrade-openssh-askpass
- redhat-upgrade-openssh-clients
- redhat-upgrade-openssh-debuginfo
- redhat-upgrade-openssh-keycat
- redhat-upgrade-openssh-ldap
- redhat-upgrade-openssh-server
- redhat-upgrade-openssh-server-sysvinit
- redhat-upgrade-pam_ssh_agent_auth
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center