AVG-110

Package openssh
Status Fixed
Severity Medium
Type multiple issues
Affected 7.3p1-2
Fixed 7.4p1-1
Current 7.7p1-1 [core]
Ticket None
Created Tue Dec 20 09:09:13 2016
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-10012 | Low | Yes | Insufficient validation | It was found that the shared memory manager used by pre-authentication compression support had a bounds check that could be elided by some optimizing... |
| CVE-2016-10011 | Low | No | Information disclosure | It was found that there is a theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such... |
| CVE-2016-10010 | Medium | No | Privilege escalation | It was found that when privilege separation was disabled in OpenSSH, forwarded Unix-domain sockets would be created by sshd with root privileges instead of... |
| CVE-2016-10009 | Medium | No | Arbitrary code execution | It was found that ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a... |
| Date | Advisory | Package | Description |
|---|---|---|---|
| 22 Dec 2016 | ASA-201612-20 | openssh | multiple issues |
References
https://www.openssh.com/txt/release-7.4
http://seclists.org/oss-sec/2016/q4/708