Update openssh for CVE-2015-5600 and CVE-2016-3115

March 22, 2016

On March 21st, the openssh package was updated to patch two moderate vulnerabilities: CVE-2015-5600 and CVE-2016-3115.

How to update

To update, you just need to use yum to update the openssh package on your system. The new packages are already out on the repos.

Check if it's available
Check to see if the update is available for you by using this yum command:

If it shows a new version available, then go ahead and update with:

Once updated, you can verify that you’re patched by running the following commands:

If you are patched, you will see:

Then, check the other:

If you are patched, you will see:
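The verification step above relies on the package changelog listing the CVE identifiers that the update fixes, which is how Red Hat and CentOS record security fixes in their RPMs. The script below is an added example, not from the original post: it wraps that check in a small POSIX sh function so it can be run against the installed openssh package (via `rpm -q --changelog openssh`, an assumption about the host) or, offline, against a constructed sample changelog.

```shell
#!/bin/sh
# Check whether the openssh RPM changelog records fixes for the two CVEs.
# Assumptions (not from the original post): rpm is available on the host and
# the fix appears in the changelog as the CVE identifier.

# changelog_mentions CHANGELOG_TEXT CVE_ID -> exit 0 if CVE_ID occurs in the text
changelog_mentions() {
    printf '%s\n' "$1" | grep -q -F -- "$2"
}

# check_cves CHANGELOG_TEXT CVE... -> prints a status line per CVE,
# returns the number of CVEs that are NOT mentioned (0 means fully patched)
check_cves() {
    changelog="$1"; shift
    missing=0
    for cve in "$@"; do
        if changelog_mentions "$changelog" "$cve"; then
            echo "$cve: patched"
        else
            echo "$cve: NOT patched"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample changelog text (not real rpm output) for offline runs.
SAMPLE_PATCHED='* Mon Mar 14 2016 Example Maintainer - 5.3p1-114
- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
- CVE-2016-3115: missing sanitisation of input for X11 forwarding'
SAMPLE_OLD='* Mon Jan 04 2016 Example Maintainer - 5.3p1-112
- unrelated bugfix'

# Live check when the openssh RPM is installed, otherwise use the sample.
if rpm -q openssh >/dev/null 2>&1; then
    check_cves "$(rpm -q --changelog openssh)" CVE-2015-5600 CVE-2016-3115
else
    echo "openssh RPM not installed; checking the constructed sample instead"
    check_cves "$SAMPLE_PATCHED" CVE-2015-5600 CVE-2016-3115
fi
```

The exit status of `check_cves` is the count of unpatched CVEs, so it can be used directly in a monitoring check or a loop over several hosts.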

More info

CVE-2015-5600
It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (Quoted from the Red Hat announcement.)

CVE-2016-3115
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (Quoted from the Red Hat announcement.)

Links
https://rhn.redhat.com/errata/RHSA-2016-0466.html
https://lists.centos.org/pipermail/centos-announce/2016-March/thread.html

Below are the packages that are being pushed out to the mirrors:

CentOS 6:

CentOS 7:
