Test ID:	1.3.6.1.4.1.25623.1.0.120114
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2015-568)
Summary:	The remote host is missing an update for the 'openssh' package(s) announced via the ALAS-2015-568 advisory.
Description:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ALAS-2015-568 advisory. Vulnerability Insight: It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with 'fail open' behavior in the X11 server when clients attempted connections with expired credentials. Affected Software/OS: 'openssh' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5352 BugTraq ID: 75525 http://www.securityfocus.com/bid/75525 https://security.gentoo.org/glsa/201512-04 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html http://openwall.com/lists/oss-security/2015/07/01/10 RedHat Security Advisories: RHSA-2016:0741 http://rhn.redhat.com/errata/RHSA-2016-0741.html http://www.securitytracker.com/id/1032797 SuSE Security Announcement: SUSE-SU-2015:1581 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html http://www.ubuntu.com/usn/USN-2710-1 http://www.ubuntu.com/usn/USN-2710-2
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.