Security update for openssh
Announcement ID: | SUSE-SU-2015:1544-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves five vulnerabilities and has one security fix can now be installed.
Description:
openssh was updated to fix several security issues.
These security issues were fixed: * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. (bsc#943010) * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. (bsc#943006)
Also use %restart_on_update in the trigger script.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Desktop 12
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-526=1
-
SUSE Linux Enterprise Server 12
zypper in -t patch SUSE-SLE-SERVER-12-2015-526=1
-
SUSE Linux Enterprise Server for SAP Applications 12
zypper in -t patch SUSE-SLE-SERVER-12-2015-526=1
Package List:
-
SUSE Linux Enterprise Desktop 12 (x86_64)
- openssh-debuginfo-6.6p1-29.1
- openssh-debugsource-6.6p1-29.1
- openssh-helpers-6.6p1-29.1
- openssh-6.6p1-29.1
- openssh-helpers-debuginfo-6.6p1-29.1
- openssh-askpass-gnome-6.6p1-29.1
- openssh-askpass-gnome-debuginfo-6.6p1-29.1
-
SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
- openssh-debuginfo-6.6p1-29.1
- openssh-debugsource-6.6p1-29.1
- openssh-helpers-6.6p1-29.1
- openssh-fips-6.6p1-29.1
- openssh-6.6p1-29.1
- openssh-helpers-debuginfo-6.6p1-29.1
- openssh-askpass-gnome-6.6p1-29.1
- openssh-askpass-gnome-debuginfo-6.6p1-29.1
-
SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
- openssh-debuginfo-6.6p1-29.1
- openssh-debugsource-6.6p1-29.1
- openssh-helpers-6.6p1-29.1
- openssh-fips-6.6p1-29.1
- openssh-6.6p1-29.1
- openssh-helpers-debuginfo-6.6p1-29.1
- openssh-askpass-gnome-6.6p1-29.1
- openssh-askpass-gnome-debuginfo-6.6p1-29.1
References:
- https://www.suse.com/security/cve/CVE-2015-4000.html
- https://www.suse.com/security/cve/CVE-2015-5352.html
- https://www.suse.com/security/cve/CVE-2015-5600.html
- https://www.suse.com/security/cve/CVE-2015-6563.html
- https://www.suse.com/security/cve/CVE-2015-6564.html
- https://bugzilla.suse.com/show_bug.cgi?id=903649
- https://bugzilla.suse.com/show_bug.cgi?id=932483
- https://bugzilla.suse.com/show_bug.cgi?id=936695
- https://bugzilla.suse.com/show_bug.cgi?id=938746
- https://bugzilla.suse.com/show_bug.cgi?id=943006
- https://bugzilla.suse.com/show_bug.cgi?id=943010