SSH patch for X SECURITY bug (CVE-2015-5352)?

Alan Amesbury amesbury at
Fri Feb 26 20:59:41 UTC 2016

A while back someone discovered a bug prior to OpenSSH v6.9 relating to use of the "-X" option (X11 forwarding) option for the SSH client.  The CVE entry contains links to a couple other sites:

The OpenSSH v6.9 release notes ( mention this as a security bugfix, but don't indicate if the problem existed in versions earlier than v6.8; FreeBSD 9.3-RELEASE, 10.1-RELEASE, and 10.2-RELEASE appear to have v6.6.1 (although linked against different versions of OpenSSL).  I've searched FreeBSD's security advisories, but see no mention of this bug at all (certainly not in the most recent OpenSSH advisories).  Top search hits in Google for this CVE show a couple Linux distros (RedHat and Ubuntu) mention it.  For what it's worth, RedHat's declining to fix it in RHEL 5, deferring the fix in RHEL 6, and says RHEL 7 is not affected.  Ubuntu's support mentions it but describes no plans to fix it.

Are any of you aware of a patch for this that's been committed unannounced?  It strikes me as a somewhat esoteric bug, but I promised someone I'd ask around about it.  If no patch is committed, is the plan to just defer this one until later?

Alan Amesbury
University Information Security

More information about the freebsd-stable mailing list