SUSE-SU-2015:1544-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1544-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2015:1544-1

Related

Published

2015-09-09T08:52:05Z

Modified

2015-09-09T08:52:05Z

Summary

Security update for openssh

Details

openssh was updated to fix several security issues.

These security issues were fixed: * CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITORREQPAMINITCTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITORREQPWNAM request, related to monitor.c and monitorwrap.c. (bsc#943010) * CVE-2015-6564: Use-after-free vulnerability in the mmanswerpamfreectx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITORREQPAMFREE_CTX request. (bsc#943006)

Also use %restartonupdate in the trigger script.

References

Affected packages

SUSE:Linux Enterprise Desktop 12 / openssh

Package

Name: openssh
Purl: purl:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 / openssh-askpass-gnome

Package

Name: openssh-askpass-gnome
Purl: purl:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / openssh

Package

Name: openssh
Purl: purl:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-fips": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / openssh-askpass-gnome

Package

Name: openssh-askpass-gnome
Purl: purl:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-fips": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / openssh

Package

Name: openssh
Purl: purl:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-fips": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / openssh-askpass-gnome

Package

Name: openssh-askpass-gnome
Purl: purl:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-fips": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}