Описание
Security update for openssh
This update for openssh provides the following fixes:
Security issues fixed:
- CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000).
- CVE-2016-10012: Remove pre-auth compression support from the server to prevent possible cryptographic attacks (bsc#1016370).
- CVE-2008-1483: Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509).
- CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957).
Bug fixes:
- bsc#1017099: Enable case-insensitive hostname matching.
- bsc#1023275: Add a new switch for printing diagnostic messages in sftp client's batch mode.
- bsc#1048367: systemd integration to work around various race conditions.
- bsc#1053972: Remove duplicate KEX method.
- bsc#1092582: Add missing piece of systemd integration.
- Remove the limit on the amount of tasks sshd can run.
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP1
Ссылки
- Link for SUSE-SU-2018:2685-1
- E-Mail link for SUSE-SU-2018:2685-1
- SUSE Security Ratings
- SUSE Bug 1016370
- SUSE Bug 1017099
- SUSE Bug 1023275
- SUSE Bug 1048367
- SUSE Bug 1053972
- SUSE Bug 1065000
- SUSE Bug 1069509
- SUSE Bug 1076957
- SUSE Bug 1092582
- SUSE CVE CVE-2008-1483 page
- SUSE CVE CVE-2016-10012 page
- SUSE CVE CVE-2016-10708 page
- SUSE CVE CVE-2017-15906 page
Описание
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Затронутые продукты
Ссылки
- CVE-2008-1483
- SUSE Bug 1069509
- SUSE Bug 373527
- SUSE Bug 585630
- SUSE Bug 647633
- SUSE Bug 706386
Описание
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Затронутые продукты
Ссылки
- CVE-2016-10012
- SUSE Bug 1006166
- SUSE Bug 1016336
- SUSE Bug 1016369
- SUSE Bug 1016370
- SUSE Bug 1017870
- SUSE Bug 1026634
- SUSE Bug 1035742
- SUSE Bug 1073044
- SUSE Bug 1092582
- SUSE Bug 1138392
Описание
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
Затронутые продукты
Ссылки
- CVE-2016-10708
- SUSE Bug 1076957
- SUSE Bug 1106726
- SUSE Bug 1138392
Описание
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Затронутые продукты
Ссылки
- CVE-2017-15906
- SUSE Bug 1064285
- SUSE Bug 1065000
- SUSE Bug 1074115
- SUSE Bug 1079488
- SUSE Bug 1090163
- SUSE Bug 1099316
- SUSE Bug 1138392