Описание
Security update for openssh-openssl1
This update for openssh-openssl1 fixes the following issues:
These security issues were fixed:
- CVE-2016-10708: Prevent NULL pointer dereference via an out-of-sequence NEWKEYS message allowed remote attackers to cause a denial of service (bsc#1076957).
- CVE-2017-15906: The process_open function did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files (bsc#1065000).
- CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might have allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370).
- CVE-2008-1483: Prevent local users from hijacking forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port. This problem was reontroduced by another patch and was previously fixed by another update (bsc#1069509).
These non-security issues were fixed:
- Remove duplicate KEX method (bsc#1053972)
- New switch for printing diagnostic messages in sftp client's batch mode (bsc#1023275)
- Enable case-insensitive hostname matching (bsc#1017099)
Список пакетов
SUSE Linux Enterprise Server 11-SECURITY
Ссылки
- Link for SUSE-SU-2018:2719-1
- E-Mail link for SUSE-SU-2018:2719-1
- SUSE Security Ratings
- SUSE Bug 1016370
- SUSE Bug 1017099
- SUSE Bug 1023275
- SUSE Bug 1053972
- SUSE Bug 1065000
- SUSE Bug 1069509
- SUSE Bug 1076957
- SUSE CVE CVE-2008-1483 page
- SUSE CVE CVE-2016-10012 page
- SUSE CVE CVE-2016-10708 page
- SUSE CVE CVE-2017-15906 page
Описание
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Затронутые продукты
Ссылки
- CVE-2008-1483
- SUSE Bug 1069509
- SUSE Bug 373527
- SUSE Bug 585630
- SUSE Bug 647633
- SUSE Bug 706386
Описание
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Затронутые продукты
Ссылки
- CVE-2016-10012
- SUSE Bug 1006166
- SUSE Bug 1016336
- SUSE Bug 1016369
- SUSE Bug 1016370
- SUSE Bug 1017870
- SUSE Bug 1026634
- SUSE Bug 1035742
- SUSE Bug 1073044
- SUSE Bug 1092582
- SUSE Bug 1138392
Описание
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
Затронутые продукты
Ссылки
- CVE-2016-10708
- SUSE Bug 1076957
- SUSE Bug 1106726
- SUSE Bug 1138392
Описание
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Затронутые продукты
Ссылки
- CVE-2017-15906
- SUSE Bug 1064285
- SUSE Bug 1065000
- SUSE Bug 1074115
- SUSE Bug 1079488
- SUSE Bug 1090163
- SUSE Bug 1099316
- SUSE Bug 1138392