SUSE-SU-2017:1661-1

Опубликовано: 23 июн. 2017

Источник: suse-cvrf

Описание

Security update for openssh-openssl1

This update for openssh-openssl1 fixes the following issues:

Properly verify CIDR masks in configuration (bsc#1005893)
CVE-2016-10009: limit directories for loading PKCS11 modules (bsc#1016366)
CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369)
CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)

Список пакетов

SUSE Linux Enterprise Server 11-SECURITY

openssh-openssl1-6.6p1-18.1

openssh-openssl1-helpers-6.6p1-18.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20171661-1/
Link for SUSE-SU-2017:1661-1
https://lists.suse.com/pipermail/sle-security-updates/2017-June/002972.html
E-Mail link for SUSE-SU-2017:1661-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1005480
SUSE Bug 1005480
https://bugzilla.suse.com/1005893
SUSE Bug 1005893
https://bugzilla.suse.com/1006221
SUSE Bug 1006221
https://bugzilla.suse.com/1016366
SUSE Bug 1016366
https://bugzilla.suse.com/1016369
SUSE Bug 1016369
https://www.suse.com/security/cve/CVE-2016-10009/
SUSE CVE CVE-2016-10009 page
https://www.suse.com/security/cve/CVE-2016-10011/
SUSE CVE CVE-2016-10011 page
https://www.suse.com/security/cve/CVE-2016-8858/
SUSE CVE CVE-2016-8858 page

Описание

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

Затронутые продукты

SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-18.1

SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-18.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-10009.html
CVE-2016-10009
https://bugzilla.suse.com/1016336
SUSE Bug 1016336
https://bugzilla.suse.com/1016366
SUSE Bug 1016366
https://bugzilla.suse.com/1016370
SUSE Bug 1016370
https://bugzilla.suse.com/1026634
SUSE Bug 1026634
https://bugzilla.suse.com/1138392
SUSE Bug 1138392
https://bugzilla.suse.com/1213504
SUSE Bug 1213504
https://bugzilla.suse.com/1217035
SUSE Bug 1217035

Описание

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

Затронутые продукты

SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-18.1

SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-18.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-10011.html
CVE-2016-10011
https://bugzilla.suse.com/1016336
SUSE Bug 1016336
https://bugzilla.suse.com/1016369
SUSE Bug 1016369
https://bugzilla.suse.com/1016370
SUSE Bug 1016370
https://bugzilla.suse.com/1017870
SUSE Bug 1017870
https://bugzilla.suse.com/1026634
SUSE Bug 1026634
https://bugzilla.suse.com/1029445
SUSE Bug 1029445

Описание

** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

Затронутые продукты

SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-18.1

SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-18.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-8858.html
CVE-2016-8858
https://bugzilla.suse.com/1005480
SUSE Bug 1005480

SUSE-SU-2017:1661-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11-SECURITY

Ссылки

Уязвимость: CVE-2016-10009

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-10011

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-8858

Описание

Затронутые продукты

Ссылки