Red.Hat.Update.for.openssh.RHSA-2014-1552

Description

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. (CVE-2014-2532)
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. (CVE-2014-2653)

Affected Products

Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Impact

This vulnerability could allow an attacker to gain unauthorized access to sensitive information.

Recommended Actions

Please download and apply patches as instructed in http://rhn.redhat.com/errata/RHSA-2014-1552.html.
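
An added configuration audit (not part of the advisory or of OpenSSH): it lists every AcceptEnv pattern in an sshd_config file that contains a wildcard, the construct CVE-2014-2532 concerns, so those entries can be reviewed while the erratum is being rolled out. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report AcceptEnv patterns that contain a wildcard.

# Constructed sample sshd_config (not taken from the advisory).
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
AcceptEnv LANG LC_*
acceptenv=XMODIFIERS
#AcceptEnv OLD_*
Match User deploy
    AcceptEnv GIT_* APP_ENV?
EOF
}

# audit_acceptenv FILE
# Prints "<line> <pattern> <literal prefix before the first wildcard>".
audit_acceptenv() {
    awk '
    {
        sub(/#.*/, "")                  # drop comments
        sub(/^[ \t]+/, "")              # drop indentation (Match blocks)
        if ($0 == "") next
        sub(/[ \t]*=[ \t]*/, " ")       # accept the "Keyword=value" form
        n = split($0, f, /[ \t]+/)
        if (tolower(f[1]) != "acceptenv") next   # keywords are case-insensitive
        for (i = 2; i <= n; i++) {
            if (f[i] !~ /[*?]/) continue         # exact names are not wildcard patterns
            prefix = f[i]
            sub(/[*?].*/, "", prefix)
            if (prefix == "") prefix = "-"
            print NR, f[i], prefix
        }
    }' "$1"
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ $# -gt 0 ]; then
    audit_acceptenv "$1"
else
    tmp=$(mktemp) && sample_config > "$tmp" && audit_acceptenv "$tmp"
    rm -f "$tmp"
fi
```

On Red Hat Enterprise Linux the fix is delivered as a backport, so confirm it from the package changelog (`rpm -q --changelog openssh-server`) rather than from the upstream version number.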

Coverage

IPS (Regular DB)
IPS (Extended DB)