CVE-2015-5352

Publication date 2 August 2015

Last updated 24 July 2024


Ubuntu priority

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

Status

Package Ubuntu Release Status
openssh 15.04 vivid
Fixed 1:6.7p1-5ubuntu1.2
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 1:6.6p1-2ubuntu2.2
12.04 LTS precise
Fixed 1:5.9p1-5ubuntu1.6

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
openssh