VulnerableCode Package Details - pkg:alpm/archlinux/openssh@7.4p1-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-au3k-npa4-aaac	The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.	CVE-2016-10012
VCID-bs1j-kwc5-aaaq	Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.	CVE-2016-10009
VCID-m5qg-dkpz-aaac	sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.	CVE-2016-10010
VCID-st64-1ck6-aaas	authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.	CVE-2016-10011

Vulnerability

Summary

Aliases

VCID-au3k-npa4-aaac

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.

CVE-2016-10012

VCID-bs1j-kwc5-aaaq

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

CVE-2016-10009

VCID-m5qg-dkpz-aaac

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.

CVE-2016-10010

VCID-st64-1ck6-aaas

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

CVE-2016-10011

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:47:01.050557+00:00	Arch Linux Importer	Fixing	VCID-bs1j-kwc5-aaaq	https://security.archlinux.org/AVG-110	36.0.0
2025-03-28T07:47:01.029478+00:00	Arch Linux Importer	Fixing	VCID-m5qg-dkpz-aaac	https://security.archlinux.org/AVG-110	36.0.0
2025-03-28T07:47:01.008257+00:00	Arch Linux Importer	Fixing	VCID-st64-1ck6-aaas	https://security.archlinux.org/AVG-110	36.0.0
2025-03-28T07:47:00.987478+00:00	Arch Linux Importer	Fixing	VCID-au3k-npa4-aaac	https://security.archlinux.org/AVG-110	36.0.0
2024-10-25T05:48:37.173831+00:00	Arch Linux Importer	Fixing	VCID-bs1j-kwc5-aaaq	https://security.archlinux.org/AVG-110	34.0.2
2024-10-25T05:48:37.147079+00:00	Arch Linux Importer	Fixing	VCID-m5qg-dkpz-aaac	https://security.archlinux.org/AVG-110	34.0.2
2024-10-25T05:48:37.118583+00:00	Arch Linux Importer	Fixing	VCID-st64-1ck6-aaas	https://security.archlinux.org/AVG-110	34.0.2
2024-10-25T05:48:37.089432+00:00	Arch Linux Importer	Fixing	VCID-au3k-npa4-aaac	https://security.archlinux.org/AVG-110	34.0.2
2024-09-18T02:02:23.289193+00:00	Arch Linux Importer	Fixing	VCID-bs1j-kwc5-aaaq	https://security.archlinux.org/AVG-110	34.0.1
2024-09-18T02:02:23.262776+00:00	Arch Linux Importer	Fixing	VCID-m5qg-dkpz-aaac	https://security.archlinux.org/AVG-110	34.0.1
2024-09-18T02:02:23.237241+00:00	Arch Linux Importer	Fixing	VCID-st64-1ck6-aaas	https://security.archlinux.org/AVG-110	34.0.1
2024-09-18T02:02:23.209882+00:00	Arch Linux Importer	Fixing	VCID-au3k-npa4-aaac	https://security.archlinux.org/AVG-110	34.0.1
2024-04-28T07:57:46.651208+00:00	Arch Linux Importer	Fixing	VCID-bs1j-kwc5-aaaq	https://security.archlinux.org/AVG-110	34.0.0rc4
2024-04-28T07:57:46.629509+00:00	Arch Linux Importer	Fixing	VCID-m5qg-dkpz-aaac	https://security.archlinux.org/AVG-110	34.0.0rc4
2024-04-28T07:57:46.606099+00:00	Arch Linux Importer	Fixing	VCID-st64-1ck6-aaas	https://security.archlinux.org/AVG-110	34.0.0rc4
2024-04-28T07:57:46.582178+00:00	Arch Linux Importer	Fixing	VCID-au3k-npa4-aaac	https://security.archlinux.org/AVG-110	34.0.0rc4
2024-01-03T22:28:24.708105+00:00	Arch Linux Importer	Fixing	VCID-bs1j-kwc5-aaaq	https://security.archlinux.org/AVG-110	34.0.0rc1
2024-01-03T22:28:24.686503+00:00	Arch Linux Importer	Fixing	VCID-m5qg-dkpz-aaac	https://security.archlinux.org/AVG-110	34.0.0rc1
2024-01-03T22:28:24.664528+00:00	Arch Linux Importer	Fixing	VCID-st64-1ck6-aaas	https://security.archlinux.org/AVG-110	34.0.0rc1
2024-01-03T22:28:24.642794+00:00	Arch Linux Importer	Fixing	VCID-au3k-npa4-aaac	https://security.archlinux.org/AVG-110	34.0.0rc1

2025-03-28T07:47:01.050557+00:00

Arch Linux Importer

Fixing