Arch Linux Security Advisory ASA-201507-4 ========================================= Severity: Medium Date : 2015-07-04 CVE-ID : CVE-2015-5352 Package : openssh Type : XSECURITY restrictions bypass Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package openssh before version 6.9p1-1 is vulnerable to XSECURITY restrictions bypass. Resolution ========== Upgrade to 6.9p1-1. # pacman -Syu "openssh>=6.9p1-1" The problem has been fixed upstream in version 6.9p1. Workaround ========== None. Description =========== When forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh coupled with "fail open" behaviour in the X11 server when clients attempted connections with expired credentials. This problem was reported by Jann Horn. Impact ====== A remote attacker is able to bypass the XSECURITY restrictions when forwarding X11 connections by making use of an ineffective timeout check. References ========== http://www.openssh.com/txt/release-6.9 https://access.redhat.com/security/cve/CVE-2015-5352