Return to errata53.html CVS log | Up to [local] / www |
version 1.11, 2013/11/08 03:34:57 | version 1.12, 2013/11/08 04:01:40 | ||
---|---|---|---|
|
|
||
A source code patch exists which remedies this problem</a>.<br> | A source code patch exists which remedies this problem</a>.<br> | ||
<p> | <p> | ||
<li><a name="009_sshgcm"></a> | |||
<font color="#009000"><strong>009: SECURITY FIX: Nov 7, 2013</strong></font> <i>All architectures</i><br> | |||
A memory corruption vulnerability exists in the post-authentication sshd process | |||
when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is | |||
selected during kex exchange. | |||
Review the <a href="http://www.openssh.org/txt/gcmrekey.adv">gcmrekey advisory</a> | |||
for a mitigation. | |||
<br> | |||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/009_sshgcm.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
</ul> | </ul> | ||