[security-announce] openssh: Security Update: CVE-2016-0777 and CVE-2016-0778

Sona Sarmadi sona.sarmadi at enea.com
Tue Jan 26 09:41:52 CET 2016


		Enea Linux Security Advisory

=========================================================
Product/package: openssh
Severity: Medium, Low
CVE Names: CVE-2016-0777 and CVE-2016-0778
Layer: poky
=========================================================

This security update addresses the following CVEs:

CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming
connection feature

CVE-2016-0778 OpenSSH: Client buffer-overflow when using roaming
connections

Description:

CVE-2016-0777
The resend_bytes function in roaming_common.c in the client in OpenSSH
5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain
sensitive information from process memory by requesting transmission
of an entire buffer, as demonstrated by reading a private key.

CVE-2016-0778
The (1) roaming_read and (2) roaming_write functions in
roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before
7.1p2, when certain proxy and forward options are enabled, do not
properly maintain connection file descriptors, which allows remote
servers to cause a denial of service (heap-based buffer overflow) or
possibly have unspecified other impact by requesting many forwardings.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778


Upstream patch reference:
Backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/?id=9845a542a76156adb5aef6fd33ad5bc5777acf64

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/poky.git/patch/?id=c6d12aaaa21048373b280cff9d3dfc0082a025eb

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

 - If you have not yet cloned the needed repositories, do so as
described below. (All patches are fetched implicitly when cloning the
repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C "$POKY/meta-enea" clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
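
After following the update procedure in the advisory above, it is worth confirming that the checkout really contains the correction commit before rebuilding. The following is an added example, not part of the original advisory or of Enea's tooling; the function name has_fix and its return codes are assumptions of this example, and the commit id is the "Correction for Enea Linux 5.0" id quoted in the advisory.

```shell
#!/bin/sh
# Added example: confirm that a security fix commit is contained in a checkout.
# FIX_COMMIT is the "Correction for Enea Linux 5.0" id quoted in the advisory.
FIX_COMMIT=c6d12aaaa21048373b280cff9d3dfc0082a025eb

# has_fix REPO [COMMIT]   (hypothetical helper, defaults to FIX_COMMIT)
#   returns 0  COMMIT is in the history of REPO's checked-out HEAD
#           1  COMMIT is known to the repo but not part of HEAD's history
#           2  COMMIT is not in the object database (nothing fetched yet)
#           3  REPO is not a git repository
has_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "has_fix: $repo is not a git repository" >&2
        return 3
    fi
    # ^{commit} makes cat-file fail for ids that are not commit objects.
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "has_fix: $commit not found in $repo; run 'git pull' first" >&2
        return 2
    fi
    # Succeeds only when the commit is reachable from the checked-out HEAD,
    # i.e. the tree that will actually be built includes the patch.
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD; then
        return 0
    fi
    echo "has_fix: $commit exists but is not in the checked-out history" >&2
    return 1
}

# Typical use after the update step:
#   has_fix Enea-Linux-5.0/poky && echo "openssh roaming fix present"
```

Because the fix is delivered as a backported patch, a check against the layer history like this is more reliable than looking at the OpenSSH version string on the target.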