
Arch Linux alert ASA-201507-4 (openssh)

From:  Levente Polyak <anthraxx@archlinux.org>
To:  arch-security@archlinux.org
Subject:  [arch-security] [ASA-201507-4] openssh: XSECURITY restrictions bypass
Date:  Sat, 4 Jul 2015 15:24:18 +0200
Message-ID:  <5597DE82.8050009@archlinux.org>

Arch Linux Security Advisory ASA-201507-4
=========================================

Severity: Medium
Date    : 2015-07-04
CVE-ID  : CVE-2015-5352
Package : openssh
Type    : XSECURITY restrictions bypass
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package openssh before version 6.9p1-1 is vulnerable to XSECURITY restrictions bypass.

Resolution
==========

Upgrade to 6.9p1-1.

# pacman -Syu "openssh>=6.9p1-1"

The problem has been fixed upstream in version 6.9p1.

Workaround
==========

None.

Description
===========

When forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh coupled with "fail open" behaviour in the X11 server when clients attempted connections with expired credentials.

This problem was reported by Jann Horn.

Impact
======

A remote attacker is able to bypass the XSECURITY restrictions when forwarding X11 connections by making use of an ineffective timeout check.

References
==========

http://www.openssh.com/txt/release-6.9
https://access.redhat.com/security/cve/CVE-2015-5352
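The advisory's preconditions (a pre-6.9 client, ForwardX11 enabled, ForwardX11Trusted=no) can be turned into a quick fleet-audit check. The following Python is an added example, not part of the advisory or of OpenSSH; it assumes upstream ssh_config defaults, a simplified config parser that ignores Host/Match blocks, and constructed sample input.

```python
import re

# OpenSSH 6.9 (Arch package 6.9p1-1) carries the fix named in the advisory.
FIXED_UPSTREAM = (6, 9)
# Upstream ssh_config client defaults (assumption; distributions may patch them).
DEFAULTS = {"forwardx11": "no", "forwardx11trusted": "no", "forwardx11timeout": "20m"}

def parse_openssh_version(banner):
    """(major, minor) from an `ssh -V` banner, or None if not recognised."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_vulnerable_version(banner):
    """True for OpenSSH older than 6.9, False if fixed, None if unparseable."""
    v = parse_openssh_version(banner)
    return None if v is None else v < FIXED_UPSTREAM

def x11_settings(config_text):
    """Effective ForwardX11* options from client config text. Simplified parser
    (assumption): Host/Match blocks are ignored; as in ssh, the first value wins."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()                 # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1) if line else []
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key in DEFAULTS and key not in found:
            found[key] = value
    return {**DEFAULTS, **found}

def assess(banner, config_text):
    """Return "fixed", "unknown-version", "x11-forwarding-off", "trusted-forwarding"
    (XSECURITY restrictions were never requested) or "at-risk" (untrusted
    forwarding on a pre-6.9 client, where the timeout cannot be relied on)."""
    vuln = is_vulnerable_version(banner)
    if not vuln:
        return "fixed" if vuln is False else "unknown-version"
    s = x11_settings(config_text)
    if s["forwardx11"] != "yes":
        return "x11-forwarding-off"
    if s["forwardx11trusted"] == "yes":
        return "trusted-forwarding"
    return "at-risk"

SAMPLE_BANNER = "OpenSSH_6.8p1, OpenSSL 1.0.2c 12 Jun 2015"  # constructed, not from the advisory
SAMPLE_CONFIG = """ForwardX11 yes
ForwardX11Trusted no    # rely on the X server's SECURITY extension
ForwardX11Timeout 10m
ForwardX11Trusted yes   # ignored: the first value seen wins"""
```

Run `assess(SAMPLE_BANNER, SAMPLE_CONFIG)` to get "at-risk"; feed it real `ssh -V` output and the contents of /etc/ssh/ssh_config or ~/.ssh/config to classify a host.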



