{"id":"RHSA-2017:2029","summary":"Red Hat Security Advisory: openssh security, bug fix, and enhancement update","modified":"2026-01-14T11:02:25.768937Z","published":"2024-09-16T00:09:10Z","upstream":["CVE-2016-10009","CVE-2016-10011","CVE-2016-10012","CVE-2016-10708","CVE-2016-6210","CVE-2016-6515"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2029"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1357442"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1360973"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1364935"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1366400"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1373835"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375179"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381997"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396400"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1398569"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402424"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406269"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406286"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406293"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418062"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420910"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438414"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1450361"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2029.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-6210"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-6210"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6210"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-6515"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-6515"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6515"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-10009"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-10009"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10009"},{"type":"ARTICLE","url":"https://www.openssh.com/txt/release-7.4"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-10011"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-10011"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10011"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-10012"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-10012"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10012"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-10708"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537929"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-10708"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10708"}],"affected":[{"package":{"name":"openssh","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-askpass","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh-askpass"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-cavs","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh-cavs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-clients","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh-clients"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-debuginfo","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-keycat","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh-keycat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-ldap","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh-ldap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-server","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-server-sysvinit","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/openssh-server-sysvinit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"pam_ssh_agent_auth","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/pam_ssh_agent_auth"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.3-1.11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-askpass","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh-askpass"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-cavs","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh-cavs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-clients","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh-clients"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-debuginfo","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-keycat","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh-keycat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-ldap","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh-ldap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-server","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-server-sysvinit","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/openssh-server-sysvinit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"pam_ssh_agent_auth","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/pam_ssh_agent_auth"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.3-1.11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-askpass","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh-askpass"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-cavs","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh-cavs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-clients","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh-clients"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-debuginfo","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-keycat","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh-keycat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-ldap","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh-ldap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-server","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-server-sysvinit","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/openssh-server-sysvinit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"pam_ssh_agent_auth","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/pam_ssh_agent_auth"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.3-1.11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-askpass","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh-askpass"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-cavs","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh-cavs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-clients","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh-clients"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-debuginfo","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-keycat","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh-keycat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-ldap","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh-ldap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-server","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"openssh-server-sysvinit","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/openssh-server-sysvinit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.4p1-11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}},{"package":{"name":"pam_ssh_agent_auth","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/pam_ssh_agent_auth"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.3-1.11.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2029.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}