Security update for openssh
Announcement ID: SUSE-SU-2016:2388-1
Rating: moderate
An update that solves five vulnerabilities and has five security fixes can now be installed.
Description:
This update for OpenSSH fixes the following issues:
- Prevent user enumeration through the timing of password processing. (bsc#989363, CVE-2016-6210)
- Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. (bsc#948902)
- Sanitize input for xauth(1). (bsc#970632, CVE-2016-3115)
- Prevent X11 SECURITY circumvention when forwarding X11 connections. (bsc#962313, CVE-2016-1908)
- Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option. (bsc#932483, bsc#948902)
- Ignore PAM environment when using login. (bsc#975865, CVE-2015-8325)
- Limit the accepted password length (prevents a possible denial of service). (bsc#992533, CVE-2016-6515)
- Relax version requires for the openssh-askpass sub-package. (bsc#962794)
- Avoid complaining about unset DISPLAY variable. (bsc#981654)
- Initialize message id to prevent connection breakups in some cases. (bsc#959096)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Point of Service 11 SP3
  zypper in -t patch sleposp3-openssh-12759=1
- SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3
  zypper in -t patch slessp3-openssh-12759=1
- SUSE Cloud 5
  zypper in -t patch sleclo50sp3-openssh-12759=1
- SUSE Manager Server 2.1
  zypper in -t patch sleman21-openssh-12759=1
- SUSE Manager Proxy 2.1
  zypper in -t patch slemap21-openssh-12759=1
Package List:
- SUSE Linux Enterprise Point of Service 11 SP3 (i586)
  - openssh-askpass-gnome-6.2p2-0.33.5
  - openssh-askpass-6.2p2-0.33.2
  - openssh-6.2p2-0.33.2
- SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (s390x x86_64 i586)
  - openssh-askpass-gnome-6.2p2-0.33.5
  - openssh-askpass-6.2p2-0.33.2
  - openssh-6.2p2-0.33.2
- SUSE Cloud 5 (x86_64)
  - openssh-askpass-gnome-6.2p2-0.33.5
  - openssh-askpass-6.2p2-0.33.2
  - openssh-6.2p2-0.33.2
- SUSE Manager Server 2.1 (s390x x86_64)
  - openssh-askpass-gnome-6.2p2-0.33.5
  - openssh-askpass-6.2p2-0.33.2
  - openssh-6.2p2-0.33.2
- SUSE Manager Proxy 2.1 (x86_64)
  - openssh-askpass-gnome-6.2p2-0.33.5
  - openssh-askpass-6.2p2-0.33.2
  - openssh-6.2p2-0.33.2
References:
- https://www.suse.com/security/cve/CVE-2015-8325.html
- https://www.suse.com/security/cve/CVE-2016-1908.html
- https://www.suse.com/security/cve/CVE-2016-3115.html
- https://www.suse.com/security/cve/CVE-2016-6210.html
- https://www.suse.com/security/cve/CVE-2016-6515.html
- https://bugzilla.suse.com/show_bug.cgi?id=932483
- https://bugzilla.suse.com/show_bug.cgi?id=948902
- https://bugzilla.suse.com/show_bug.cgi?id=959096
- https://bugzilla.suse.com/show_bug.cgi?id=962313
- https://bugzilla.suse.com/show_bug.cgi?id=962794
- https://bugzilla.suse.com/show_bug.cgi?id=970632
- https://bugzilla.suse.com/show_bug.cgi?id=975865
- https://bugzilla.suse.com/show_bug.cgi?id=981654
- https://bugzilla.suse.com/show_bug.cgi?id=989363
- https://bugzilla.suse.com/show_bug.cgi?id=992533