Описание
Security update for openssh
This update for openssh fixes the following issues:
Security issues fixed:
- CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163)
- CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726)
- CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957)
- CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010)
- CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. (bsc#1016370)
Bugs fixed:
- Fixed failing 'AuthorizedKeysCommand' within a 'Match User' block in sshd_config (bsc#1105180)
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
Ссылки
- Link for SUSE-SU-2018:3540-1
- E-Mail link for SUSE-SU-2018:3540-1
- SUSE Security Ratings
- SUSE Bug 1016370
- SUSE Bug 1065000
- SUSE Bug 1076957
- SUSE Bug 1105010
- SUSE Bug 1105180
- SUSE Bug 1106163
- SUSE Bug 1106726
- SUSE CVE CVE-2016-10012 page
- SUSE CVE CVE-2016-10708 page
- SUSE CVE CVE-2017-15906 page
- SUSE CVE CVE-2018-15473 page
Описание
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Затронутые продукты
Ссылки
- CVE-2016-10012
- SUSE Bug 1006166
- SUSE Bug 1016336
- SUSE Bug 1016369
- SUSE Bug 1016370
- SUSE Bug 1017870
- SUSE Bug 1026634
- SUSE Bug 1035742
- SUSE Bug 1073044
- SUSE Bug 1092582
- SUSE Bug 1138392
Описание
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
Затронутые продукты
Ссылки
- CVE-2016-10708
- SUSE Bug 1076957
- SUSE Bug 1106726
- SUSE Bug 1138392
Описание
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Затронутые продукты
Ссылки
- CVE-2017-15906
- SUSE Bug 1064285
- SUSE Bug 1065000
- SUSE Bug 1074115
- SUSE Bug 1079488
- SUSE Bug 1090163
- SUSE Bug 1099316
- SUSE Bug 1138392
Описание
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Затронутые продукты
Ссылки
- CVE-2018-15473
- SUSE Bug 1105010
- SUSE Bug 1106163
- SUSE Bug 1123133
- SUSE Bug 1138392
- SUSE Bug 1205621