Scientific Linux Security Update : openssh on SL6.x i386/x86_64
High Nessus Plugin ID 90080
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (CVE-2016-3115)
It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)
After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
SolutionUpdate the affected packages.