OpenSSH announced that OpenSSH 6.2 and 6.3 are vulnerable to an authenticated code execution flaw. The vulnerability affects the AES-GCM cipher. As a quick fix, you can disable the cipher (see the URL below for details). Or you can upgrade to OpenSSH 6.4. A user may bypass restrictions imposed to the users account by exploiting the flaw, but the user needs valid credentials to take advantage of the flaw.
[1] http://www.openssh.com/txt/gcmrekey.adv
------ |
Johannes 4068 Posts ISC Handler Nov 11th 2013 |
Thread locked Subscribe |
Nov 11th 2013 7 years ago |
This makes for a nice change. It gets boring patching only BIND, MySQL, Wordpress, Oracle Java and Adobe products over and over.
|
Anonymous |
Quote |
Nov 11th 2013 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!