[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-security
Subject: RE: [SECURITY] [DSA 3550-1] openssh security update
From: Damien MURE <Damien.MURE () atih ! sante ! fr>
Date: 2016-04-18 7:22:39
Message-ID: 20160418073621.927D1135 () bendel ! debian ! org
[Download RAW message or body]
Mise à jour securité sur ssh.
A+
Damien Mure
Ingénieur Systèmes & Réseaux
Pôle Système et réseau - Service Architecture et production informatiques
Agence technique de l'information sur l'hospitalisation (ATIH)
117, bd Marius Vivier Merle 69329 Lyon cedex 03
Tél: 04 37 91 33 18
damien.mure@atih.sante.fr - www.atih.sante.fr
-----Message d'origine-----
De : Moritz Muehlenhoff [mailto:jmm@debian.org]
Envoyé : vendredi 15 avril 2016 19:09
À : debian-security-announce@lists.debian.org
Objet : [SECURITY] [DSA 3550-1] openssh security update
Importance : Haute
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3550-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssh
CVE ID : CVE-2015-8325
Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and \
the sshd PAM configuration is configured to read user- specified environment \
variables and the "UseLogin" option is enabled, a local user may escalate her \
privileges to root.
In Debian "UseLogin" is not enabled by default.
For the oldstable distribution (wheezy), this problem has been fixed in version \
6.0p1-4+deb7u4.
For the stable distribution (jessie), this problem has been fixed in version \
6.7p1-5+deb8u2.
For the unstable distribution (sid), this problem has been fixed in version \
1:7.2p2-3.
We recommend that you upgrade your openssh packages.
Further information about Debian Security Advisories, how to apply these updates to \
your system and frequently asked questions can be found at: \
https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXER/aAAoJEBDCk7bDfE42NewQAI+mY4sv/x7S9hBMTqozVfKs
9G2H2qAfE23PIs3a/IPsdmdTK+baavJBCWMKSQCgaBcorl+t1dE8hWBnWu7Hp+SY
jBh+a8jTr6ZvaTVotePwmyjLeJiHoQ6YmgMS41QT05dxXhuVmFYAtCZ2oF6isxGk
vgVdsHDfZ4Z72b5CODACyAG1twmFgqWu7VNwqhqNGfA/+vgNrk5iAa2b5iOAbXrh
AyzVFFuQr+vbvHlAI/fBW/oeHvlDZuTUiNqRGQ4I0ELiFcjBJoTUo08qXww1GFU9
aIwO0w/rv/qmRFzDK5dasA/VSGza8pmdXj64HcDFNdpoJPrwL3JD/PT1l3sA4vcW
GaNsmHn8ZQAMSn50WomPiqrwc+4F+fcXRz/VTUrQdrIplQ7NikB26oxB8Y3/8rws
Pzjv6MDOF+LSMAoC6E7NjeAO6S55cXv6VCoRMPYEDVcVcwOKqxXCvA4p/3wBo/D6
okZI0DgrwbygBMlpSUyF6c3QDgazgzVvdPed3sZnBPMEvbFbaPEO52ijQpT/majX
wZtENdhTD4vX7glwBoA67ZRRBVSjpTZu2jTELFLjJaOOMCPWrj+GEE65wWDYa+Sx
es1bq7thEuR/sV1QJf3XDt8KQHLF836ixL9c6XblvqNBXSr98yf8ZFZM5nqgq/2O
MrVWLIbaBJbfUSXBINTp
=sYuW
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic