-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:095
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : openssh
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:

Updated openssh packages fix security vulnerabilities:

sshd in OpenSSH before 6.6 does not properly support wildcards
on AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character (CVE-2014-2532).

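
To find configurations that rely on the AcceptEnv behaviour described above, the following added example (not part of the advisory or of OpenSSH) lists AcceptEnv patterns that have a literal substring before a wildcard when the reported sshd version is before 6.6. The function names, the sample configuration and the version banner strings are assumptions made for illustration.

```python
import re

FIXED = (6, 6)  # per the advisory, sshd in OpenSSH before 6.6 is affected
# sshd_config keywords are case-insensitive; arguments follow whitespace or '='.
ACCEPT_ENV = re.compile(r"^\s*acceptenv(?:\s*=\s*|\s+)(.+)$", re.IGNORECASE)

# Constructed sample sshd_config, not taken from any real host.
SAMPLE_CONFIG = """\
# constructed example
Port 22
AcceptEnv LANG LC_*
acceptenv  GIT_PROTOCOL
Match User deploy
    AcceptEnv APP_?_MODE "TZ"
"""

def parse_version(banner):
    """Extract (major, minor) from text such as 'OpenSSH_6.2p2'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError(f"no OpenSSH version in {banner!r}")
    return int(m.group(1)), int(m.group(2))

def wildcard_accept_env(config_text):
    """Return (line_no, pattern, literal_prefix) for every AcceptEnv pattern
    that has a non-empty literal substring before its first '*' or '?'."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = ACCEPT_ENV.match(line)
        if m is None:
            continue
        for pattern in m.group(1).split():
            pattern = pattern.strip('"')
            wild = re.search(r"[*?]", pattern)
            if wild and wild.start() > 0:
                findings.append((line_no, pattern, pattern[:wild.start()]))
    return findings

def audit(banner, config_text):
    """Report wildcard AcceptEnv patterns only for versions before 6.6."""
    if parse_version(banner) >= FIXED:
        return []
    return wildcard_accept_env(config_text)

if __name__ == "__main__":
    for line_no, pattern, prefix in audit("OpenSSH_6.2p2", SAMPLE_CONFIG):
        print(f"line {line_no}: AcceptEnv {pattern} (literal prefix {prefix!r})")
```

A distribution package can carry the fix while still reporting an older upstream version string, so a hit here is a prompt to check the installed package against this advisory, not proof of exposure.
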
Matthew Vernon reported that if an SSH server offers a HostCertificate
that the ssh client doesn't accept, then the client doesn't check
the DNS for SSHFP records. As a consequence a malicious server can
disable S