Wind River Support Network


LIN6-12220 : Security Advisory - openssh - CVE-2016-10012

Created: Jan 8, 2017    Updated: Dec 3, 2018
Resolved Date: Jan 9, 2017
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


It was found that the shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimising compilers. Additionally, this memory manager was incorrectly accessible when pre-authentication compression was disabled. This could potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process (a compromise of the latter would be required first).

CVE assignment:

External References:

Upstream patches:

Other Downloads

Live chat