Use-after-free bug was found in openssh package. The vulnerability is exploitable by attackers who could compromise the pre-authentication process for remote code execution. Upstream patch: https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7 CVE request: http://seclists.org/oss-sec/2015/q3/319 External References: http://www.openssh.com/txt/release-7.0
Created openssh tracking bugs for this issue: Affects: fedora-all [bug 1252853]
openssh-7.0p1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
openssh-6.9p1-5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Is this CVE-2015-6564? The patches look the same. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6564
CVE assignment: http://seclists.org/oss-sec/2015/q3/419
openssh-6.6.1p1-16.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Further details of this issue can be found in the advisory form the original reporter that was posted to the full-disclosure mailing list: http://seclists.org/fulldisclosure/2015/Aug/54 The advisory indicates that the use-after-free can only be triggered if attacker is able to fully compromise non-privileged pre-authentication process using some different flaw. Reporter also indicates that they were unable to leverage this issue for any practical attack.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2088 https://rhn.redhat.com/errata/RHSA-2015-2088.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0741 https://rhn.redhat.com/errata/RHSA-2016-0741.html