A libssh2 release that fixes CVE-2016-0787 was published on March 10.
CVE-2016-0787 – Red Hat Customer Portal
https://access.redhat.com/security/cve/cve-2016-0787
Moderate: libssh2 security update
https://rhn.redhat.com/errata/RHSA-2016-0428.html
[root@host01 ~]# yum update
Loaded plugins: fastestmirror
base                                     | 3.6 kB  00:00:00
epel/x86_64/metalink                     | 5.0 kB  00:00:00
epel                                     | 4.3 kB  00:00:00
extras                                   | 3.4 kB  00:00:00
remi                                     | 2.9 kB  00:00:00
updates                                  | 3.4 kB  00:00:00
(1/4): epel/x86_64/updateinfo            | 510 kB  00:00:00
(2/4): epel/x86_64/primary_db            | 3.9 MB  00:00:00
(3/4): updates/7/x86_64/primary_db       | 3.1 MB  00:00:00
(4/4): remi/primary_db                   | 1.2 MB  00:00:15
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * remi: remi.kazukioishi.net
 * updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package libssh2.x86_64 0:1.4.3-10.el7 will be updated
---> Package libssh2.x86_64 0:1.4.3-10.el7_2.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================
 Package          Arch          Version                    Repository          Size
=====================================================================================================
Updating:
 libssh2          x86_64        1.4.3-10.el7_2.1           updates             134 k

Transaction Summary
=====================================================================================================
Upgrade  1 Package

Total download size: 134 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
libssh2-1.4.3-10.el7_2.1.x86_64.rpm      | 134 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libssh2-1.4.3-10.el7_2.1.x86_64      1/2
  Cleanup    : libssh2-1.4.3-10.el7.x86_64          2/2
  Verifying  : libssh2-1.4.3-10.el7_2.1.x86_64      1/2
  Verifying  : libssh2-1.4.3-10.el7.x86_64          2/2

Updated:
  libssh2.x86_64 0:1.4.3-10.el7_2.1

Complete!
[root@host01 ~]# rpm -q --changelog libssh2 | head
* Fri Feb 19 2016 Kamil Dudka <kdudka@redhat.com> 1.4.3-10.el7_2.1
- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)

* Mon Jun 01 2015 Kamil Dudka <kdudka@redhat.com> 1.4.3-10
- check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782)

* Tue May 05 2015 Kamil Dudka <kdudka@redhat.com> 1.4.3-9
- curl consumes too much memory during scp download (#1080459)
- prevent a not-connected agent from closing STDIN (#1147717)