SB2016011409 - Information disclosure in openssh (Alpine package)
Published: January 14, 2016
Security Bulletin ID
SB2016011409
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2016-0777)
The vulnerability allows a remote user to disclose potentially sensitive information on the target system.The weakness exists due to access control flaw that allows a malicious user to disclose important data.
Successful exploitation of the vulnerability leads to potentially sensitive information disclosure.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=e59f53fd6f9b4e3da0f5f224a73054a00903dc16
- https://git.alpinelinux.org/aports/commit/?id=502069f7bf3a0c34a5f68413f21d5ea297a3cbcd
- https://git.alpinelinux.org/aports/commit/?id=520f0f795506134008d88476253a9cb5e14b7cd2
- https://git.alpinelinux.org/aports/commit/?id=faf85ab25e44464b8c4c71e0966e70a25ac49e62