Branch c7 update bulletin.

Package openssh updated to version 6.7p1-alt1.M70C.1 for branch c7 in task 172044.

Published: 2016-07-05
Modified: 2016-11-28

BDU:2014-00019

Уязвимость программного обеспечения управления виртуальной инфраструктурой VMware vCenter Server, позволяющая злоумышленнику препятствовать входу других пользователей в систему

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2024-07-05

BDU:2015-04127

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06145

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06146

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06147

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06148

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06149

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06150

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06151

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09678

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2013-03-07
Modified: 2025-04-11

CVE-2010-5107

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2014-01-29
Modified: 2025-04-11

CVE-2014-1692

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2014-03-18
Modified: 2025-04-12

CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

References:

Published: 2014-03-27
Modified: 2025-04-12

CVE-2014-2653

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Version: 2.1.2

Branch c7 update on 2016-11-11

ALT-BU-2016-3131-1

ALT-PU-2016-2263-1

Closed vulnerabilities

BDU:2014-00019

BDU:2015-04127

BDU:2015-06145

BDU:2015-06146

BDU:2015-06147

BDU:2015-06148

BDU:2015-06149

BDU:2015-06150

BDU:2015-06151

BDU:2015-09678

CVE-2010-5107

CVE-2014-1692

CVE-2014-2532

CVE-2014-2653