[SGVLUG] OpenSSH 6.2/6.3 security advisory

nopbin at gmail.com nopbin at gmail.com
Fri Nov 8 11:17:42 PST 2013


http://www.openssh.com/txt/gcmrekey.adv

A memory corruption vulnerability that might permit code execution with the
privileges of the authenticated user.  Affects OpenSSH 6.2 and OpenSSH 6.3
when built against an OpenSSL that supports AES-GSM.  The mitigation
involves disabling AES-GSM support (see advisory), upgrading to OpenSSH 6.4
or applying the patch supplied in the advisory.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sgvlug.net/pipermail/sgvlug/attachments/20131108/b9c258b5/attachment.html>


More information about the SGVLUG mailing list