[SGVLUG] OpenSSH 6.2/6.3 security advisory
nopbin at gmail.com
nopbin at gmail.com
Fri Nov 8 11:17:42 PST 2013
http://www.openssh.com/txt/gcmrekey.adv
A memory corruption vulnerability that might permit code execution with the
privileges of the authenticated user. Affects OpenSSH 6.2 and OpenSSH 6.3
when built against an OpenSSL that supports AES-GSM. The mitigation
involves disabling AES-GSM support (see advisory), upgrading to OpenSSH 6.4
or applying the patch supplied in the advisory.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sgvlug.net/pipermail/sgvlug/attachments/20131108/b9c258b5/attachment.html>
More information about the SGVLUG
mailing list