|
OpenSSH announced that OpenSSH 6.2 and 6.3 are vulnerable to an authenticated code execution flaw. The vulnerability affects the AES-GCM cipher. As a quick fix, you can disable the cipher (see the URL below for details). Or you can upgrade to OpenSSH 6.4. A user may bypass restrictions imposed to the users account by exploiting the flaw, but the user needs valid credentials to take advantage of the flaw.
[1] http://www.openssh.com/txt/gcmrekey.adv
------ |
Johannes 4346 Posts ISC Handler Nov 11th 2013 |
| Thread locked Subscribe |
Nov 11th 2013 8 years ago |
|
This makes for a nice change. It gets boring patching only BIND, MySQL, Wordpress, Oracle Java and Adobe products over and over.
|
Anonymous |
| Quote |
Nov 11th 2013 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
