ALAS-2015-568


Amazon Linux AMI Security Advisory: ALAS-2015-568
Advisory Release Date: 2015-07-22 10:00 Pacific
Severity: Medium
References: CVE-2015-5352 

Issue Overview:

It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with "fail open" behavior in the X11 server when clients attempted connections with expired credentials.


Affected Packages:

openssh


Issue Correction:
Run yum update openssh to update your system.

New Packages:
i686:
    openssh-server-6.2p2-8.44.amzn1.i686
    openssh-debuginfo-6.2p2-8.44.amzn1.i686
    openssh-clients-6.2p2-8.44.amzn1.i686
    pam_ssh_agent_auth-0.9.3-5.8.44.amzn1.i686
    openssh-6.2p2-8.44.amzn1.i686
    openssh-ldap-6.2p2-8.44.amzn1.i686
    openssh-keycat-6.2p2-8.44.amzn1.i686

src:
    openssh-6.2p2-8.44.amzn1.src

x86_64:
    openssh-6.2p2-8.44.amzn1.x86_64
    openssh-keycat-6.2p2-8.44.amzn1.x86_64
    pam_ssh_agent_auth-0.9.3-5.8.44.amzn1.x86_64
    openssh-clients-6.2p2-8.44.amzn1.x86_64
    openssh-debuginfo-6.2p2-8.44.amzn1.x86_64
    openssh-ldap-6.2p2-8.44.amzn1.x86_64
    openssh-server-6.2p2-8.44.amzn1.x86_64