SSH vulnerability CVE-2016-3115

Post by OlympiaLady » 2016/09/20 20:15:49

This is an SSH vulnerability. The solution is to upgrade SSH to version 7.2p2 or later. When I do a yum update in my CentOS 6, I show I am on 7.1p1-1. My Tripwire scanning showed the vulnerability is not fixed. So, I turned off X11 Forwarding as suggested, but would like to get to 7.2p2 or later. Is this going to be fixed?

Beth

Re: SSH vulnerability CVE-2016-3115

Post by avij » 2016/09/20 23:54:59

It has already been fixed:

Code:

$ rpm -q openssh --changelog | grep CVE-2016-3115
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317817)
$ rpm -q openssh
openssh-5.3p1-118.1.el6_8.x86_64

If this confuses you, read the backporting page.

Re: SSH vulnerability CVE-2016-3115

Post by avij » 2016/09/20 23:57:02

In addition: Why do you have 7.1p1-1? That is not a CentOS version at all, and any "yum update"s won't help.
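
The two checks from the replies above (is the CVE named in the package changelog, and is the package a distro build at all), combined into a triage helper for scanner findings. This is an added example, not part of the original thread; the function names, the verdict strings, and the assumption that distro builds report `CentOS` as their RPM vendor are choices made for this example, and the sample changelog header is constructed.

```shell
#!/bin/sh
# Added example: decide whether a version-based scanner finding is already
# covered by a backported fix. Names and verdict strings are hypothetical.

# Constructed sample; only the CVE line is taken from the thread above.
SAMPLE_CHANGELOG='* Thu Jan 01 2015 Example Packager <packager@example.invalid> - 0.0-1
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317817)
- constructed filler entry'

# classify_finding VENDOR CVE   (text of "rpm -q --changelog PKG" on stdin)
classify_finding() {
    cf_vendor=$1
    cf_cve=$2
    # Reject malformed ids so a typo cannot produce a misleading verdict.
    printf '%s\n' "$cf_cve" | grep -Eqx 'CVE-[0-9]{4}-[0-9]{4,}' ||
        { echo "invalid-cve-id"; return 2; }
    # Assumption: distro-built packages carry the vendor string "CentOS".
    # Anything else did not come from the distro repos, so "yum update"
    # against those repos will never patch it.
    if [ "$cf_vendor" != "CentOS" ]; then
        echo "not-distro-package"
        return 1
    fi
    # -F: literal match, -w: whole word, so CVE-2016-3115 does not match
    # a longer id such as CVE-2016-31150.
    if grep -Fwq -- "$cf_cve"; then
        echo "fixed-by-backport"
        return 0
    fi
    echo "no-changelog-entry"
    return 1
}

# check_installed PKG CVE: run the same classification against the live RPM db.
check_installed() {
    ci_pkg=$1
    ci_cve=$2
    rpm -q "$ci_pkg" >/dev/null 2>&1 || { echo "not-installed"; return 2; }
    ci_vendor=$(rpm -q --qf '%{VENDOR}\n' "$ci_pkg" | head -n 1)
    rpm -q --changelog "$ci_pkg" | classify_finding "$ci_vendor" "$ci_cve"
}

# Demo on the constructed sample (prints: fixed-by-backport)
printf '%s\n' "$SAMPLE_CHANGELOG" | classify_finding CentOS CVE-2016-3115
```

On a real host, `check_installed openssh CVE-2016-3115` runs the same logic against the installed package.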