Описание
Security update for openssh
openssh was updated to fix four security issues.
These security issues were fixed:
- CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).
- CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).
- CVE-2015-4000: Removed and disabled weak DH groups (bsc#932483).
- Hardening patch to fix sftp RCE (bsc#903649).
These non-security issues were fixed:
- bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer.
- bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user.
Список пакетов
SUSE Linux Enterprise Server 11 SP2-LTSS
Ссылки
- Link for SUSE-SU-2015:1840-1
- E-Mail link for SUSE-SU-2015:1840-1
- SUSE Security Ratings
- SUSE Bug 673532
- SUSE Bug 903649
- SUSE Bug 905118
- SUSE Bug 914309
- SUSE Bug 932483
- SUSE Bug 936695
- SUSE Bug 938746
- SUSE CVE CVE-2015-4000 page
- SUSE CVE CVE-2015-5352 page
- SUSE CVE CVE-2015-5600 page
Описание
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Затронутые продукты
Ссылки
- CVE-2015-4000
- SUSE Bug 1074631
- SUSE Bug 1211968
- SUSE Bug 931600
- SUSE Bug 931698
- SUSE Bug 931723
- SUSE Bug 931845
- SUSE Bug 932026
- SUSE Bug 932483
- SUSE Bug 934789
- SUSE Bug 935033
- SUSE Bug 935540
- SUSE Bug 935979
- SUSE Bug 937202
- SUSE Bug 937766
- SUSE Bug 938248
- SUSE Bug 938432
- SUSE Bug 938895
- SUSE Bug 938905
- SUSE Bug 938906
Описание
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
Затронутые продукты
Ссылки
- CVE-2015-5352
- SUSE Bug 1074631
- SUSE Bug 1138392
- SUSE Bug 936695
- SUSE Bug 938277
- SUSE Bug 948086
- SUSE Bug 992991
- SUSE Bug 996040
Описание
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
Затронутые продукты
Ссылки
- CVE-2015-5600
- SUSE Bug 1009988
- SUSE Bug 1074631
- SUSE Bug 1138392
- SUSE Bug 938746
- SUSE Bug 943006
- SUSE Bug 943007
- SUSE Bug 943010
- SUSE Bug 943504
- SUSE Bug 945985
- SUSE Bug 948086
- SUSE Bug 954457
- SUSE Bug 957883
- SUSE Bug 996040