SUSE-SU-2014:0818-1: Security update for openssh

Wed Jun 18 19:04:13 MDT 2014

   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0818-1
Rating:             low
References:         #826427 #833605 #847710 #869101 #870532 
Cross-References:   CVE-2014-2532
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:

   This update for OpenSSH fixes the following issues:

       * Exit sshd normally when port is already in use. (bnc#832628)
       * Use hardware crypto engines where available. (bnc#826427)
       * Use correct options for login when it is used. (bnc#833605)
       * Move FIPS messages to higher debug level. (bnc#862875)
       * Fix forwarding with IPv6 addresses in DISPLAY. (bnc#847710)
       * Do not link OpenSSH binaries with LDAP libraries. (bnc#826906)
       * Parse AcceptEnv properly. (bnc#869101, CVE-2014-2532)
       * Check SSHFP DNS records even for server certificates. (bnc#870532,
         CVE-2014-2653)

   Security Issues references:

       * CVE-2014-2532
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532>
       * CVE-2014-2653
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653>

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-openssh-9357

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-openssh-9357

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-openssh-9357

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      openssh-6.2p2-0.13.1
      openssh-askpass-6.2p2-0.13.1
      openssh-askpass-gnome-6.2p2-0.13.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      openssh-6.2p2-0.13.1
      openssh-askpass-6.2p2-0.13.1
      openssh-askpass-gnome-6.2p2-0.13.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      openssh-6.2p2-0.13.1
      openssh-askpass-6.2p2-0.13.1
      openssh-askpass-gnome-6.2p2-0.13.1

References:

   http://support.novell.com/security/cve/CVE-2014-2532.html
   https://bugzilla.novell.com/826427
   https://bugzilla.novell.com/833605
   https://bugzilla.novell.com/847710
   https://bugzilla.novell.com/869101
   https://bugzilla.novell.com/870532
   http://download.suse.com/patch/finder/?keywords=662d3f9c264970d2784671e4c1366f91