Описание
Security update for openssh
This update for openssh fixes the following issues:
Security issues fixed:
- CVE-2016-10012: Fix pre-auth compression checks that could be optimized away (bsc#1016370).
- CVE-2016-10708: Fix remote denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage (bsc#1076957).
- CVE-2017-15906: Fix r/o sftp-server zero byte file creation (bsc#1065000).
- CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483 (bsc#1069509).
Bug fixes:
- bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099)
- bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated (bsc#1053972)
- bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4 (bsc#1023275)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
Ссылки
- Link for SUSE-SU-2018:2275-1
- E-Mail link for SUSE-SU-2018:2275-1
- SUSE Security Ratings
- SUSE Bug 1016370
- SUSE Bug 1017099
- SUSE Bug 1023275
- SUSE Bug 1053972
- SUSE Bug 1065000
- SUSE Bug 1069509
- SUSE Bug 1076957
- SUSE CVE CVE-2008-1483 page
- SUSE CVE CVE-2016-10012 page
- SUSE CVE CVE-2016-10708 page
- SUSE CVE CVE-2017-15906 page
Описание
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Затронутые продукты
Ссылки
- CVE-2008-1483
- SUSE Bug 1069509
- SUSE Bug 373527
- SUSE Bug 585630
- SUSE Bug 647633
- SUSE Bug 706386
Описание
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Затронутые продукты
Ссылки
- CVE-2016-10012
- SUSE Bug 1006166
- SUSE Bug 1016336
- SUSE Bug 1016369
- SUSE Bug 1016370
- SUSE Bug 1017870
- SUSE Bug 1026634
- SUSE Bug 1035742
- SUSE Bug 1073044
- SUSE Bug 1092582
- SUSE Bug 1138392
Описание
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
Затронутые продукты
Ссылки
- CVE-2016-10708
- SUSE Bug 1076957
- SUSE Bug 1106726
- SUSE Bug 1138392
Описание
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Затронутые продукты
Ссылки
- CVE-2017-15906
- SUSE Bug 1064285
- SUSE Bug 1065000
- SUSE Bug 1074115
- SUSE Bug 1079488
- SUSE Bug 1090163
- SUSE Bug 1099316
- SUSE Bug 1138392