Bug 17944

Summary: openssh new xauth command injection security issue (CVE-2016-3115)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, guillomovitch, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/679761/
Whiteboard: MGA5-64-OK advisory
Source RPM: openssh-7.1p2-2.mga6.src.rpm CVE:
Status comment:

Description David Walser 2016-03-10 16:07:17 CET 
Upstream has issued an advisory today (March 10):
http://www.openssh.com/txt/x11fwd.adv

The issue is fixed in version 7.2p2:
http://openwall.com/lists/oss-security/2016/03/10/9

Mageia 5 is also affected.
David Walser 2016-03-10 16:07:42 CET

Whiteboard: (none) => MGA5TOO

Comment 1 David Walser 2016-03-10 19:26:57 CET 
CVE-2016-3115 has been assigned for this:
http://openwall.com/lists/oss-security/2016/03/10/16

Summary: openssh new xauth command injection security issue => openssh new xauth command injection security issue (CVE-2016-3115)

Comment 2 David Walser 2016-03-10 21:21:32 CET 
openssh-7.2p2-1.mga6 uploaded for Cauldron by Guillaume.  Thanks.

Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 3 David Walser 2016-03-10 23:33:39 CET 
Patched package uploaded for Mageia 5 by Guillaume.  Thanks Guillaume!!

Advisory:
========================

Updated openssh packages fix security vulnerability:

Missing sanitisation of untrusted input allows an authenticated user who is
able to request X11 forwarding to inject commands to xauth(1) (CVE-2016-3115).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
http://www.openssh.com/txt/x11fwd.adv
http://openwall.com/lists/oss-security/2016/03/10/16
========================

Updated packages in core/updates_testing:
========================
openssh-6.6p1-5.7.mga5
openssh-clients-6.6p1-5.7.mga5
openssh-server-6.6p1-5.7.mga5
openssh-askpass-common-6.6p1-5.7.mga5
openssh-askpass-6.6p1-5.7.mga5
openssh-askpass-gnome-6.6p1-5.7.mga5
openssh-ldap-6.6p1-5.7.mga5

from openssh-6.6p1-5.7.mga5.src.rpm

CC: (none) => guillomovitch
Assignee: guillomovitch => qa-bugs

Dave Hodgins 2016-03-11 00:28:53 CET

Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 4 Mageia Robot 2016-03-11 00:38:24 CET 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0108.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-03-11 16:42:12 CET

URL: (none) => http://lwn.net/Vulnerabilities/679761/