[BSA-087] Security Update for openssh

Colin Watson uploaded new packages for openssh which fixed the following
security problems:

CVE-2013-4548
  A memory corruption vulnerability exists in the post-authentication
  sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or
  aes256-gcm@openssh.com) is selected during key exchange.

  If exploited, this vulnerability might permit code execution with the
  privileges of the authenticated user and may therefore allow bypassing
  restricted shell/command configurations.

  https://security-tracker.debian.org/tracker/CVE-2013-4548

For the wheezy-backports distribution, this problem has been fixed in
version 1:6.4p1-1~bpo70+1.

For the testing (jessie) and unstable (sid) distributions, this problem
has been fixed in version 1:6.4p1-1.

Other distributions are not vulnerable.
