- Vulnerability/
- USN-2966-1
USN-2966-1: OpenSSH vulnerabilities
First published: Mon May 09 2016(Updated: )
Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when the UseLogin feature is enabled. A local attacker could use this issue to gain privileges. (CVE-2015-8325) Ben Hawkes discovered that OpenSSH incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause OpenSSH to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2016-1907) Thomas Hoger discovered that OpenSSH incorrectly handled untrusted X11 forwarding when the SECURITY extension is disabled. A connection configured as being untrusted could get switched to trusted in certain scenarios, contrary to expectations. (CVE-2016-1908) It was discovered that OpenSSH incorrectly handled certain X11 forwarding data. A remote authenticated attacker could possibly use this issue to bypass certain intended command restrictions. (CVE-2016-3115)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/openssh-server | <1:6.9p1-2ubuntu0.2 | 1:6.9p1-2ubuntu0.2 |
| Ubuntu gir1.2-packagekitglib-1.0 | =15.10 | |
| All of | ||
| ubuntu/openssh-server | <1:6.6p1-2ubuntu2.7 | 1:6.6p1-2ubuntu2.7 |
| Ubuntu gir1.2-packagekitglib-1.0 | =14.04 | |
| All of | ||
| ubuntu/openssh-server | <1:5.9p1-5ubuntu1.9 | 1:5.9p1-5ubuntu1.9 |
| Ubuntu gir1.2-packagekitglib-1.0 | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2015-8325
- https://ubuntu.com/security/CVE-2016-1907
- https://ubuntu.com/security/CVE-2016-1908
- https://ubuntu.com/security/CVE-2016-3115
- https://launchpad.net/ubuntu/+source/openssh/1:6.9p1-2ubuntu0.2
- https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.7
- https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.9
- https://ubuntu.com/security/notices/USN-2966-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-2966-1?
The severity of USN-2966-1 is considered high due to potential privilege escalation vulnerabilities.
How do I fix USN-2966-1?
To fix USN-2966-1, upgrade the OpenSSH server to the patched version provided in the advisory for your Ubuntu release.
What products are affected by USN-2966-1?
USN-2966-1 affects various versions of OpenSSH server running on Ubuntu 12.04, 14.04, and 15.10.
Can a local attacker exploit USN-2966-1?
Yes, a local attacker could exploit USN-2966-1 to gain elevated privileges on affected systems.
Is remote exploitation possible with USN-2966-1?
Yes, USN-2966-1 also involves vulnerabilities that could potentially be exploited remotely under certain conditions.
- agent/references
- agent/severity
- agent/last-modified-date
- agent/type
- agent/first-publish-date
- agent/event
- agent/title
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/15.10
- version/ubuntu gir1.2-packagekitglib-1.0/14.04
- version/ubuntu gir1.2-packagekitglib-1.0/12.04