Description
Security update for openssh
This update for openssh fixes the following issues:
Security issue fixed:
- CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000).
Bug fixes:
- FIPS: Startup selfchecks (bsc#1068310).
- FIPS: Silent complaints about unsupported key exchange methods (bsc#1006166).
- Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509).
- Test configuration before running daemon to prevent looping resulting in service shutdown (bsc#1048367).
Package list
SUSE Linux Enterprise Desktop 12 SP2
openssh-7.2p2-74.11.1
openssh-askpass-gnome-7.2p2-74.11.3
openssh-helpers-7.2p2-74.11.1
SUSE Linux Enterprise Desktop 12 SP3
openssh-7.2p2-74.11.1
openssh-askpass-gnome-7.2p2-74.11.3
openssh-helpers-7.2p2-74.11.1
SUSE Linux Enterprise Server 12 SP2
openssh-7.2p2-74.11.1
openssh-askpass-gnome-7.2p2-74.11.3
openssh-fips-7.2p2-74.11.1
openssh-helpers-7.2p2-74.11.1
SUSE Linux Enterprise Server 12 SP3
openssh-7.2p2-74.11.1
openssh-askpass-gnome-7.2p2-74.11.3
openssh-fips-7.2p2-74.11.1
openssh-helpers-7.2p2-74.11.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
openssh-7.2p2-74.11.1
openssh-askpass-gnome-7.2p2-74.11.3
openssh-fips-7.2p2-74.11.1
openssh-helpers-7.2p2-74.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
openssh-7.2p2-74.11.1
openssh-askpass-gnome-7.2p2-74.11.3
openssh-fips-7.2p2-74.11.1
openssh-helpers-7.2p2-74.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
openssh-7.2p2-74.11.1
openssh-askpass-gnome-7.2p2-74.11.3
openssh-fips-7.2p2-74.11.1
openssh-helpers-7.2p2-74.11.1
References
- Link for SUSE-SU-2017:3230-1
- E-Mail link for SUSE-SU-2017:3230-1
- SUSE Security Ratings
- SUSE Bug 1006166
- SUSE Bug 1048367
- SUSE Bug 1065000
- SUSE Bug 1068310
- SUSE Bug 1069509
- SUSE CVE CVE-2008-1483 page
- SUSE CVE CVE-2017-15906 page
Description
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:openssh-7.2p2-74.11.1
SUSE Linux Enterprise Desktop 12 SP2:openssh-askpass-gnome-7.2p2-74.11.3
SUSE Linux Enterprise Desktop 12 SP2:openssh-helpers-7.2p2-74.11.1
SUSE Linux Enterprise Desktop 12 SP3:openssh-7.2p2-74.11.1
References
- CVE-2008-1483
- SUSE Bug 1069509
- SUSE Bug 373527
- SUSE Bug 585630
- SUSE Bug 647633
- SUSE Bug 706386
Description
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:openssh-7.2p2-74.11.1
SUSE Linux Enterprise Desktop 12 SP2:openssh-askpass-gnome-7.2p2-74.11.3
SUSE Linux Enterprise Desktop 12 SP2:openssh-helpers-7.2p2-74.11.1
SUSE Linux Enterprise Desktop 12 SP3:openssh-7.2p2-74.11.1
References
- CVE-2017-15906
- SUSE Bug 1064285
- SUSE Bug 1065000
- SUSE Bug 1074115
- SUSE Bug 1079488
- SUSE Bug 1090163
- SUSE Bug 1099316
- SUSE Bug 1138392