Wind River Support Network

HomeSecurity NoticesWind River Security Alert for 2 openssh vulnerabilities (CVE-2016-0777 and CVE-2016-0778)
Recommended

Wind River Security Alert for 2 openssh vulnerabilities (CVE-2016-0777 and CVE-2016-0778)

Released: Jan 15, 2016     Updated: Jan 15, 2016

Summary

Wind River Security Alert for 2 openssh vulnerabilities (CVE-2016-0777 and CVE-2016-0778)


Product Version

Wind River Linux 5, Wind River Linux 6, Wind River Linux 7, Wind River Linux 8

Downloads


Defects


Description

Wind River Security Alert for 2 openssh vulnerabilities (CVE-2016-0777 and CVE-2016-0778)

Vulnerabilities description:

=========================

CVE-2016-0777

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0777


The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.


CVE-2016-0778

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0778


The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Solution:

=========

We will fix both of them in WRLinux 5.0.1.35/6.0.0.28/7.0.0.13/8.0.0.2


In the meantime, you can apply the source patches.


The 4.3 are End of Life (EOL), please contact Wind River Support at +1-800-872-4977 or your local Wind River representative for the Wind River Linux 4.3 fix.

These two CVE issues don't effect on Wind River Linux 3.x or 2.x.


Live chat
Online