AVG-110 log
| Package | openssh |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 7.3p1-2 |
| Fixed | 7.4p1-1 |
| Current | 9.7p1-1 [core] |
| Ticket | None |
| Created | Tue Dec 20 09:09:13 2016 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-10012 | Low | Yes | Insufficient validation | It was found that the shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimizing... |
| CVE-2016-10011 | Low | No | Information disclosure | It was found that there is a theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such... |
| CVE-2016-10010 | Medium | No | Privilege escalation | It was found that when privilege separation was disabled in OpenSSH, forwarded Unix-domain sockets would be created by sshd with root privileges instead of... |
| CVE-2016-10009 | Medium | No | Arbitrary code execution | It was found that ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 22 Dec 2016 | ASA-201612-20 | openssh | multiple issues |
| References |
|---|
https://www.openssh.com/txt/release-7.4 http://seclists.org/oss-sec/2016/q4/708 |