CVE-2016-10012 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Insufficient validation |
| Description | It was found that the shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimizing compilers. Additionally, this memory manager was incorrectly accessible when pre-authentication compression was disabled. This could potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process (a compromise of the latter would be required first). |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-110 | openssh | 7.3p1-2 | 7.4p1-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 22 Dec 2016 | ASA-201612-20 | AVG-110 | openssh | Medium | multiple issues |
| References |
|---|
https://www.openssh.com/txt/release-7.4 http://seclists.org/oss-sec/2016/q4/705 |