Описание
Security update for openssh
This update for OpenSSH fixes the following issues:
- Prevent user enumeration through the timing of password processing. (bsc#989363, CVE-2016-6210)
- Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. (bsc#948902)
- Sanitize input for xauth(1). (bsc#970632, CVE-2016-3115)
- Prevent X11 SECURITY circumvention when forwarding X11 connections. (bsc#962313, CVE-2016-1908)
- Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option. (bsc#932483, bsc#948902)
- Ignore PAM environment when using login. (bsc#975865, CVE-2015-8325)
- Limit the accepted password length (prevents a possible denial of service). (bsc#992533, CVE-2016-6515)
- Relax version requires for the openssh-askpass sub-package. (bsc#962794)
- Avoid complaining about unset DISPLAY variable. (bsc#981654)
- Initialize message id to prevent connection breakups in some cases. (bsc#959096)
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Manager 2.1
SUSE Manager Proxy 2.1
SUSE OpenStack Cloud 5
Ссылки
- Link for SUSE-SU-2016:2388-1
- E-Mail link for SUSE-SU-2016:2388-1
- SUSE Security Ratings
- SUSE Bug 932483
- SUSE Bug 948902
- SUSE Bug 959096
- SUSE Bug 962313
- SUSE Bug 962794
- SUSE Bug 970632
- SUSE Bug 975865
- SUSE Bug 981654
- SUSE Bug 989363
- SUSE Bug 992533
- SUSE CVE CVE-2015-8325 page
- SUSE CVE CVE-2016-1908 page
- SUSE CVE CVE-2016-3115 page
- SUSE CVE CVE-2016-6210 page
- SUSE CVE CVE-2016-6515 page
Описание
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
Затронутые продукты
Ссылки
- CVE-2015-8325
- SUSE Bug 1138392
- SUSE Bug 975865
- SUSE Bug 996040
Описание
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
Затронутые продукты
Ссылки
- CVE-2016-1908
- SUSE Bug 1001712
- SUSE Bug 1005738
- SUSE Bug 1010950
- SUSE Bug 1138392
- SUSE Bug 962313
- SUSE Bug 996040
Описание
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
Затронутые продукты
Ссылки
- CVE-2016-3115
- SUSE Bug 1005738
- SUSE Bug 1010950
- SUSE Bug 1059233
- SUSE Bug 1138392
- SUSE Bug 970632
- SUSE Bug 992296
- SUSE Bug 992991
- SUSE Bug 996040
Описание
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Затронутые продукты
Ссылки
- CVE-2016-6210
- SUSE Bug 1001712
- SUSE Bug 1010950
- SUSE Bug 1105010
- SUSE Bug 1138392
- SUSE Bug 989363
Описание
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Затронутые продукты
Ссылки
- CVE-2016-6515
- SUSE Bug 1010950
- SUSE Bug 1115893
- SUSE Bug 992533