ALAS-2015-592


Amazon Linux AMI Security Advisory: ALAS-2015-592
Advisory Release Date: 2015-09-02 12:00 Pacific
Severity: Medium

Issue Overview:

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. (CVE-2015-6563 )

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. (CVE-2015-6564 )


Affected Packages:

openssh


Issue Correction:
Run yum update openssh to update your system.

New Packages:
i686:
    pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.i686
    openssh-debuginfo-6.2p2-8.45.amzn1.i686
    openssh-server-6.2p2-8.45.amzn1.i686
    openssh-ldap-6.2p2-8.45.amzn1.i686
    openssh-6.2p2-8.45.amzn1.i686
    openssh-keycat-6.2p2-8.45.amzn1.i686
    openssh-clients-6.2p2-8.45.amzn1.i686

src:
    openssh-6.2p2-8.45.amzn1.src

x86_64:
    pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.x86_64
    openssh-keycat-6.2p2-8.45.amzn1.x86_64
    openssh-server-6.2p2-8.45.amzn1.x86_64
    openssh-debuginfo-6.2p2-8.45.amzn1.x86_64
    openssh-6.2p2-8.45.amzn1.x86_64
    openssh-clients-6.2p2-8.45.amzn1.x86_64
    openssh-ldap-6.2p2-8.45.amzn1.x86_64