Test ID:	1.3.6.1.4.1.25623.1.0.882368
Category:	CentOS Local Security Checks
Title:	CentOS Update for openssh CESA-2016:0043 centos7
Summary:	Check the version of openssh
Description:	Summary: Check the version of openssh Vulnerability Insight: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. (CVE-2016-0777) A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. (CVE-2016-0778) Red Hat would like to thank Qualys for reporting these issues. All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. Affected Software/OS: openssh on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0777 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 80695 http://www.securityfocus.com/bid/80695 Bugtraq: 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 (Google Search) http://www.securityfocus.com/archive/1/537295/100/0/threaded Debian Security Information: DSA-3446 (Google Search) http://www.debian.org/security/2016/dsa-3446 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html FreeBSD Security Advisory: FreeBSD-SA-16:07 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc http://seclists.org/fulldisclosure/2016/Jan/44 https://security.gentoo.org/glsa/201601-01 http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html http://www.openwall.com/lists/oss-security/2016/01/14/7 http://www.securitytracker.com/id/1034671 SuSE Security Announcement: SUSE-SU-2016:0117 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html SuSE Security Announcement: SUSE-SU-2016:0118 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html SuSE Security Announcement: SUSE-SU-2016:0119 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html SuSE Security Announcement: SUSE-SU-2016:0120 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:0127 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html SuSE Security Announcement: openSUSE-SU-2016:0128 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html http://www.ubuntu.com/usn/USN-2869-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-0778 BugTraq ID: 80698 http://www.securityfocus.com/bid/80698
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.