[CLSA-2022:1657561632] Fixed CVEs in openssh-5.3p1: CVE-2016-10708, CVE-2016-10012
Type:
security
Severity:
Important
Release date:
2022-07-11
Description:
- CVE-2016-10708: fix crash in packet handling code by moving inbound NEWKEYS handling to kex layer - CVE-2016-10012: abandon the fix due to compression mode issues
Updated packages:
  • pam_ssh_agent_auth-0.9.3-125.el6.tuxcare.els2.i686.rpm
    sha:33a6c24cc2496ba34696ac28d537ce987c0e5e5f
  • openssh-ldap-5.3p1-125.el6.tuxcare.els2.x86_64.rpm
    sha:b6744bab74e796907aeee2a14ecb945fbe357d2e
  • openssh-askpass-5.3p1-125.el6.tuxcare.els2.x86_64.rpm
    sha:907aa0bd92c80bcf0abea1f1b16af6d8e65dd30a
  • pam_ssh_agent_auth-0.9.3-125.el6.tuxcare.els2.x86_64.rpm
    sha:acd16614f40d285392d4ded7279bff1f4ae69d70
  • openssh-5.3p1-125.el6.tuxcare.els2.x86_64.rpm
    sha:ac8df161f7a0fadd956457964ca0f5b9812ea100
  • openssh-server-5.3p1-125.el6.tuxcare.els2.x86_64.rpm
    sha:2685ef722dad4439049ae04d0a0495f4d8b46680
  • openssh-clients-5.3p1-125.el6.tuxcare.els2.x86_64.rpm
    sha:980770160169bb374040c9e9cb300ae33aeb02f1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.