| Errata ID | 93 |
|---|---|
| Date | 2014-04-16 |
| Source package | openssh |
| Fixed in version | 5.5p1-6.46.201404071521 |
| Description | Two vulnerabilities were found in OpenSSH: * The AcceptEnv option was misparsed if it contained a wildcard (CVE-2014-2532) * OpenSSH offers a feature to retrieve SSH hostkeys from DNS called SSHFP (not enabled in UCS by default). If the clients rejected the host certificate of a SSHFP-enabled server, then no SSHFP record was fetched from DNS (CVE-2014-2653) |
| Additional notes | This update fixes these vulnerabilities. |
| CVE ID | CVE-2014-2532 CVE-2014-2653 |
