Description
Security update for openssh
This update for openssh fixes the following issues:
Security issue fixed:
- CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000).
Bug fixes:
- FIPS: Startup selfchecks (bsc#1068310).
- FIPS: Silence complaints about unsupported key exchange methods (bsc#1006166).
- Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509).
- Test the configuration before running the daemon, to prevent a restart loop that ends in service shutdown (bsc#1048367).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Package list
openSUSE Leap 42.2
openssh-7.2p2-15.1
openssh-askpass-gnome-7.2p2-15.1
openssh-cavs-7.2p2-15.1
openssh-fips-7.2p2-15.1
openssh-helpers-7.2p2-15.1
openSUSE Leap 42.3
openssh-7.2p2-15.1
openssh-askpass-gnome-7.2p2-15.1
openssh-cavs-7.2p2-15.1
openssh-fips-7.2p2-15.1
openssh-helpers-7.2p2-15.1
References
- E-Mail link for openSUSE-SU-2017:3243-1
- SUSE Security Ratings
Description
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Affected products
openSUSE Leap 42.2:openssh-7.2p2-15.1
openSUSE Leap 42.2:openssh-askpass-gnome-7.2p2-15.1
openSUSE Leap 42.2:openssh-cavs-7.2p2-15.1
openSUSE Leap 42.2:openssh-fips-7.2p2-15.1
References
- CVE-2008-1483
- SUSE Bug 1069509
- SUSE Bug 373527
- SUSE Bug 647633
- SUSE Bug 706386
Description
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
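The defect class behind CVE-2017-15906 is an authorization check that inspects only the access mode of an open request and overlooks side-effect flags. The following C snippet is an added illustration, not code from OpenSSH's sftp-server.c: it translates SFTP protocol open flags (values as defined in the secsh-filexfer draft, using the familiar SSH2_FXF_* names) into open(2) flags and contrasts a weak read-only check, which lets a read-open with the create flag slip through and produce an empty file, with a stricter check that also refuses O_CREAT and O_TRUNC. The function names and the exact shape of the two checks are assumptions for the example.

```c
#include <fcntl.h>
#include <stdbool.h>

/* SFTP open flags; values follow draft-ietf-secsh-filexfer, names are
 * the conventional SSH2_FXF_* ones (assumed for this example). */
#define SSH2_FXF_READ   0x01
#define SSH2_FXF_WRITE  0x02
#define SSH2_FXF_APPEND 0x04
#define SSH2_FXF_CREAT  0x08
#define SSH2_FXF_TRUNC  0x10
#define SSH2_FXF_EXCL   0x20

/* Translate protocol flags into open(2) flags, as any SFTP server must do
 * before calling open(). */
static int flags_from_portable(int pflags)
{
    int flags = 0;

    if ((pflags & SSH2_FXF_READ) && (pflags & SSH2_FXF_WRITE))
        flags = O_RDWR;
    else if (pflags & SSH2_FXF_READ)
        flags = O_RDONLY;
    else if (pflags & SSH2_FXF_WRITE)
        flags = O_WRONLY;

    if (pflags & SSH2_FXF_APPEND) flags |= O_APPEND;
    if (pflags & SSH2_FXF_CREAT)  flags |= O_CREAT;
    if (pflags & SSH2_FXF_TRUNC)  flags |= O_TRUNC;
    if (pflags & SSH2_FXF_EXCL)   flags |= O_EXCL;
    return flags;
}

/* Weak check: looks only at the access mode. A request for
 * SSH2_FXF_READ|SSH2_FXF_CREAT maps to O_RDONLY|O_CREAT, passes, and
 * open(2) then creates a zero-length file on a read-only server. */
bool open_permitted_weak(bool readonly, int pflags)
{
    int flags = flags_from_portable(pflags);

    if (readonly && (flags & O_ACCMODE) != O_RDONLY)
        return false;
    return true;
}

/* Stricter check: in read-only mode refuse anything that can change the
 * filesystem, i.e. write access, file creation or truncation. */
bool open_permitted_strict(bool readonly, int pflags)
{
    int flags = flags_from_portable(pflags);

    if (readonly &&
        ((flags & O_ACCMODE) != O_RDONLY ||
         (flags & (O_CREAT | O_TRUNC)) != 0))
        return false;
    return true;
}
```

When auditing a similar "read-only" or "no-write" mode in your own services, enumerate every flag and operation that can mutate state (create, truncate, append, rename, setstat) rather than testing a single access-mode field; the same gap reappears wherever a policy check was written against the common case only.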
Affected products
openSUSE Leap 42.2:openssh-7.2p2-15.1
openSUSE Leap 42.2:openssh-askpass-gnome-7.2p2-15.1
openSUSE Leap 42.2:openssh-cavs-7.2p2-15.1
openSUSE Leap 42.2:openssh-fips-7.2p2-15.1
References
- CVE-2017-15906
- SUSE Bug 1064285
- SUSE Bug 1065000
- SUSE Bug 1074115
- SUSE Bug 1079488
- SUSE Bug 1090163
- SUSE Bug 1099316
- SUSE Bug 1138392