Описание
Security update for openssh-openssl1
This update for openssh-openssl1 fixes the following issues:
Security issues fixed:
- CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363)
- CVE-2016-6515: limit accepted password length (prevents possible DoS) (bsc#992533)
- CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632)
- CVE-2016-1908: prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313)
- CVE-2015-8325: ignore PAM environment when using login (bsc#975865)
- Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902)
- Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902)
Bugs fixed:
- avoid complaining about unset DISPLAY variable (bsc#981654)
- Correctly parse GSSAPI KEX algorithms (bsc#961368)
- more verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414)
- fix PRNG re-seeding (bsc#960414, bsc#729190)
- Allow empty Match blocks (bsc#961494)
Список пакетов
SUSE Linux Enterprise Server 11-SECURITY
Ссылки
- Link for SUSE-SU-2016:2555-1
- E-Mail link for SUSE-SU-2016:2555-1
- SUSE Security Ratings
- SUSE Bug 729190
- SUSE Bug 932483
- SUSE Bug 948902
- SUSE Bug 960414
- SUSE Bug 961368
- SUSE Bug 961494
- SUSE Bug 962313
- SUSE Bug 965576
- SUSE Bug 970632
- SUSE Bug 975865
- SUSE Bug 981654
- SUSE Bug 989363
- SUSE Bug 992533
- SUSE CVE CVE-2015-8325 page
- SUSE CVE CVE-2016-1908 page
- SUSE CVE CVE-2016-3115 page
- SUSE CVE CVE-2016-6210 page
Описание
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
Затронутые продукты
Ссылки
- CVE-2015-8325
- SUSE Bug 1138392
- SUSE Bug 975865
- SUSE Bug 996040
Описание
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
Затронутые продукты
Ссылки
- CVE-2016-1908
- SUSE Bug 1001712
- SUSE Bug 1005738
- SUSE Bug 1010950
- SUSE Bug 1138392
- SUSE Bug 962313
- SUSE Bug 996040
Описание
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
Затронутые продукты
Ссылки
- CVE-2016-3115
- SUSE Bug 1005738
- SUSE Bug 1010950
- SUSE Bug 1059233
- SUSE Bug 1138392
- SUSE Bug 970632
- SUSE Bug 992296
- SUSE Bug 992991
- SUSE Bug 996040
Описание
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Затронутые продукты
Ссылки
- CVE-2016-6210
- SUSE Bug 1001712
- SUSE Bug 1010950
- SUSE Bug 1105010
- SUSE Bug 1138392
- SUSE Bug 989363
Описание
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Затронутые продукты
Ссылки
- CVE-2016-6515
- SUSE Bug 1010950
- SUSE Bug 1115893
- SUSE Bug 992533