Amazon Linux AMI Security Advisory: ALAS-2016-668
Advisory Release Date: 2016-03-16 16:30 Pacific
Severity: Medium
References: CVE-2016-3115 

Issue Overview:

It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions.


Affected Packages:

openssh


Issue Correction:
Run yum update openssh to update your system.

New Packages:
i686:
    openssh-server-6.6.1p1-23.60.amzn1.i686
    openssh-keycat-6.6.1p1-23.60.amzn1.i686
    openssh-debuginfo-6.6.1p1-23.60.amzn1.i686
    openssh-6.6.1p1-23.60.amzn1.i686
    pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.i686
    openssh-ldap-6.6.1p1-23.60.amzn1.i686
    openssh-clients-6.6.1p1-23.60.amzn1.i686

src:
    openssh-6.6.1p1-23.60.amzn1.src

x86_64:
    openssh-keycat-6.6.1p1-23.60.amzn1.x86_64
    pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.x86_64
    openssh-clients-6.6.1p1-23.60.amzn1.x86_64
    openssh-ldap-6.6.1p1-23.60.amzn1.x86_64
    openssh-6.6.1p1-23.60.amzn1.x86_64
    openssh-server-6.6.1p1-23.60.amzn1.x86_64
    openssh-debuginfo-6.6.1p1-23.60.amzn1.x86_64