Developers Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


CVE 2014-2532

'sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.'

ClearCenter response

This issue has been resolved in patches applied to ClearOS 6.x. Ensure that you are up to date by running the following from command line:

yum update

If you are having trouble updating your system, please contact support.

Short response

This issue has been resolved in backported fixes to ClearOS 6.x. This issue will not be fixed in ClearOS 5. The status of whether this affect ClearOS 7.x is unknown at this time.

Long response

This issue is fixed in the current version of ClearOS but may show up as a false positive for systems which scan version numbers. ClearOS backports fixes into prior version numbers in order to provide longevity and interoperability in its software. If the system is up to date, this backport fix has been applied in the following versions:

  • openssh-5.3p1-104.el6.x86_64.rpm
  • openssh-clients-5.3p1-104.el6.x86_64.rpm
  • openssh-debuginfo-5.3p1-104.el6.i686.rpm
  • openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
  • openssh-ldap-5.3p1-104.el6.x86_64.rpm
  • openssh-server-5.3p1-104.el6.x86_64.rpm
  • pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
  • pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm

To confirm your running version to ensure that it is a later version run the following from command line:

rpm -qi openssh

This will tell you the result of the first package affected and fixed in ClearOS. You can apply the methodology to the other packages. For example:

rpm -qi openssh-server

Resolution

Run the following from command line:

yum update

Once the system is up to date, answer to those reporting this issue that the fixes have been backported into the existing version number.

content/en_us/announcements_cve_cve-2014-2532.txt · Last modified: 2016/09/08 15:32 by dloper

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Aannouncements_cve_cve-2014-2532&1710817999