Wind River Security Alert for 2 openssh vulnerabilities (CVE-2016-0777 and CVE-2016-0778)
Wind River Security Alert for 2 openssh vulnerabilities (CVE-2016-0777 and CVE-2016-0778)
Vulnerabilities description:
=========================
CVE-2016-0777
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0777
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
CVE-2016-0778
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0778
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Solution:
=========
We will fix both of them in WRLinux 5.0.1.35/6.0.0.28/7.0.0.13/8.0.0.2
In the meantime, you can apply the source patches.
The 4.3 are End of Life (EOL), please contact Wind River Support at +1-800-872-4977 or your local Wind River representative for the Wind River Linux 4.3 fix.
These two CVE issues don't effect on Wind River Linux 3.x or 2.x.
