Recommended update for openssh
| Announcement ID: | SUSE-RU-2019:0819-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Affected Products: |
|
An update that has two fixes can now be installed.
Description:
This update for openssh fixes the following issues:
Issues addressed:
- Removed the "KexDHMin" config keyword (bsc#1127180) It used to allow lowering of the minimal allowed DH group size, which was increased to 2048 by upstream in the light of the Logjam attack. However, the code was broken since the upgrade to 7.6p1. It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1 key exchange method when working with legacy systems.
- Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Basesystem Module 15
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-819=1 -
Desktop Applications Module 15
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-819=1 -
Server Applications Module 15
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-819=1
Package List:
-
Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
- openssh-debuginfo-7.6p1-9.26.4
- openssh-debugsource-7.6p1-9.26.4
- openssh-helpers-7.6p1-9.26.4
- openssh-7.6p1-9.26.4
- openssh-helpers-debuginfo-7.6p1-9.26.4
-
Desktop Applications Module 15 (aarch64 ppc64le s390x x86_64)
- openssh-askpass-gnome-debuginfo-7.6p1-9.26.4
- openssh-askpass-gnome-7.6p1-9.26.4
-
Server Applications Module 15 (aarch64 ppc64le s390x x86_64)
- openssh-fips-7.6p1-9.26.4
- openssh-debuginfo-7.6p1-9.26.4
- openssh-debugsource-7.6p1-9.26.4