
Test ID: 1.3.6.1.4.1.25623.1.0.122744
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2015-2088)
Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2015-2088 advisory.
Description:
Summary:
The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2015-2088 advisory.

Vulnerability Insight:
[6.6.1p1-22]
- Use the correct constant for glob limits (#1160377)

[6.6.1p1-21]
- Extend memory limit for remote glob in sftp acc. to stat limit (#1160377)

[6.6.1p1-20]
- Fix vulnerabilities published with openssh-7.0 (#1265807)
- Privilege separation weakness related to PAM support
- Use-after-free bug related to PAM support

[6.6.1p1-19]
- Increase limit of files for glob match in sftp to 8192 (#1160377)

[6.6.1p1-18]
- Add GSSAPIKexAlgorithms option for server and client application (#1253062)

[6.6.1p1-17]
- Security fixes released with openssh-6.9 (CVE-2015-5352) (#1247864)
- XSECURITY restrictions bypass under certain conditions in ssh(1) (#1238231)
- weakness of agent locking (ssh-add -x) to password guessing (#1238238)

[6.6.1p1-16]
- only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)

[6.6.1p1-15]
- One more typo in manual page documenting TERM variable (#1162683)
- Fix race condition with auditing messages answers (#1240613)

[6.6.1p1-14]
- Fix ldif schema to have correct spacing on newlines (#1184938)
- Add missing values for sshd test mode (#1187597)
- ssh-copy-id: tcsh doesn't work with multiline strings (#1201758)
- Fix memory problems with newkeys and array transfers (#1223218)
- Enhance AllowGroups documentation in man page (#1150007)

[6.6.1p1-13]
- Increase limit of files for glob match in sftp (#1160377)
- Add pam_reauthorize.so to /etc/pam.d/sshd (#1204233)
- Show all config values in sshd test mode (#1187597)
- Document required selinux boolean for working ssh-ldap-helper (#1178116)
- Consistent usage of pam_namespace in sshd (#1125110)
- Fix auditing when using combination of ForcedCommand and PTY (#1199112)
- Add sftp option to force mode of created files (#1197989)
- Ability to specify an arbitrary LDAP filter in ldap.conf for ssh-ldap-helper (#1201753)
- Provide documentation line for systemd service and socket (#1181591)
- Provide LDIF version of LPK schema (#1184938)
- Document TERM environment variable (#1162683)
- Fix ssh-copy-id on non-sh remote shells (#1201758)
- Do not read RSA1 hostkeys for HostBased authentication in FIPS (#1197666)

Affected Software/OS:
'openssh' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2015-5600
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 75990
http://www.securityfocus.com/bid/75990
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
BugTraq ID: 92012
http://www.securityfocus.com/bid/92012
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
http://seclists.org/fulldisclosure/2015/Jul/92
https://security.gentoo.org/glsa/201512-04
https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://openwall.com/lists/oss-security/2015/07/23/4
RedHat Security Advisories: RHSA-2016:0466
http://rhn.redhat.com/errata/RHSA-2016-0466.html
http://www.securitytracker.com/id/1032988
SuSE Security Announcement: SUSE-SU-2015:1581
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
http://www.ubuntu.com/usn/USN-2710-1
http://www.ubuntu.com/usn/USN-2710-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-6563
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
BugTraq ID: 76317
http://www.securityfocus.com/bid/76317
http://seclists.org/fulldisclosure/2015/Aug/54
http://www.openwall.com/lists/oss-security/2015/08/22/1
RedHat Security Advisories: RHSA-2016:0741
http://rhn.redhat.com/errata/RHSA-2016-0741.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-6564
Copyright: Copyright (C) 2015 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.