Back to bug 1298741
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-01-14 22:14:04 UTC | Blocks | 1298744 | |
| Tomas Hoger | 2016-01-15 07:57:02 UTC | Fixed In Version | openssh 7.1p2 | |
| Slawomir Czarko | 2016-01-15 07:59:46 UTC | CC | slawomir | |
| Tomas Hoger | 2016-01-15 09:03:22 UTC | Whiteboard | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected,epel-all/gsi-openssh=affected |
| Tomas Hoger | 2016-01-15 09:08:29 UTC | Depends On | 1298840 | |
| Tomas Hoger | 2016-01-15 09:08:42 UTC | Depends On | 1298841 | |
| Tomas Hoger | 2016-01-15 09:08:49 UTC | Depends On | 1298842 | |
| Salvatore Bonaccorso | 2016-01-15 18:40:48 UTC | CC | carnil | |
| Tomas Hoger | 2016-01-15 19:35:10 UTC | Summary | openssh: possible fallback from untrusted to trusted X11 forwarding | CVE-2016-1908 openssh: possible fallback from untrusted to trusted X11 forwarding |
| Alias | CVE-2016-1908 | |||
| Tomas Hoger | 2016-01-15 19:37:53 UTC | Depends On | 1299048 | |
| Tomas Hoger | 2016-01-15 19:43:29 UTC | Whiteboard | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected,epel-all/gsi-openssh=affected | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=defer,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected,epel-all/gsi-openssh=affected |
| Tomas Hoger | 2016-01-15 19:49:24 UTC | Doc Text | It was discovered that the OpenSSH client did not correctly handle failures to generate authentication cookie for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish trusted connection to the local X server even though only untrusted X11 forwarding was requested. | |
| Summer Long | 2016-01-22 02:48:44 UTC | CC | slong | |
| Doc Text | It was discovered that the OpenSSH client did not correctly handle failures to generate authentication cookie for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish trusted connection to the local X server even though only untrusted X11 forwarding was requested. | An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. | ||
| Tomas Hoger | 2016-03-16 08:44:27 UTC | Fixed In Version | openssh 7.2 | |
| Tomas Hoger | 2016-03-16 08:58:10 UTC | Whiteboard | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=defer,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected,epel-all/gsi-openssh=affected | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected,epel-all/gsi-openssh=affected |
| Tomas Hoger | 2016-03-16 08:58:18 UTC | Depends On | 1318183 | |
| Tomas Hoger | 2016-03-16 08:58:22 UTC | Depends On | 1318184 | |
| Tomas Hoger | 2016-05-05 12:48:09 UTC | Whiteboard | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected,epel-all/gsi-openssh=affected | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected,epel-all/gsi-openssh=affected |
| Tomas Hoger | 2016-05-11 06:44:39 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-05-11 02:44:39 UTC | |||
| Norman Sardella | 2016-06-01 12:05:04 UTC | CC | sardella | |
| Product Security DevOps Team | 2019-09-29 13:42:36 UTC | Whiteboard | impact=moderate,public=20160114,reported=20151005,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cwe=CWE-284,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected,epel-all/gsi-openssh=affected |
Back to bug 1298741