SB2016011511 - Fedora 22 update for openssh
Published: January 15, 2016 Updated: April 24, 2025
Security Bulletin ID
SB2016011511
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2016-0777)
The vulnerability allows a remote user to disclose potentially sensitive information on the target system.The weakness exists due to access control flaw that allows a malicious user to disclose important data.
Successful exploitation of the vulnerability leads to potentially sensitive information disclosure.
2) Buffer overflow (CVE-ID: CVE-2016-1907)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Remediation
Install update from vendor's website.