SUSE-SU-2016:2388-1: moderate: Security update for openssh

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Sep 26 13:09:33 MDT 2016


   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2388-1
Rating:             moderate
References:         #932483 #948902 #959096 #962313 #962794 #970632 
                    #975865 #981654 #989363 #992533 
Cross-References:   CVE-2015-8325 CVE-2016-1908 CVE-2016-3115
                    CVE-2016-6210 CVE-2016-6515
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 5 fixes is
   now available.

Description:


   This update for OpenSSH fixes the following issues:

   - Prevent user enumeration through the timing of password processing.
     (bsc#989363, CVE-2016-6210)
   - Allow lowering the DH groups parameter limit in server as well as when
     GSSAPI key exchange is used. (bsc#948902)
   - Sanitize input for xauth(1). (bsc#970632, CVE-2016-3115)
   - Prevent X11 SECURITY circumvention when forwarding X11 connections.
     (bsc#962313, CVE-2016-1908)
   - Disable DH parameters under 2048 bits by default and allow lowering the
     limit back to the RFC 4419 specified minimum through an option.
     (bsc#932483, bsc#948902)
   - Ignore PAM environment when using login. (bsc#975865, CVE-2015-8325)
   - Limit the accepted password length (prevents a possible denial of
     service). (bsc#992533, CVE-2016-6515)
   - Relax version requires for the openssh-askpass sub-package. (bsc#962794)
   - Avoid complaining about unset DISPLAY variable. (bsc#981654)
   - Initialize message id to prevent connection breakups in some cases.
     (bsc#959096)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-openssh-12759=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-openssh-12759=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-openssh-12759=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-openssh-12759=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-openssh-12759=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-openssh-12759=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      openssh-6.2p2-0.33.2
      openssh-askpass-6.2p2-0.33.2
      openssh-askpass-gnome-6.2p2-0.33.5

   - SUSE Manager Proxy 2.1 (x86_64):

      openssh-6.2p2-0.33.2
      openssh-askpass-6.2p2-0.33.2
      openssh-askpass-gnome-6.2p2-0.33.5

   - SUSE Manager 2.1 (s390x x86_64):

      openssh-6.2p2-0.33.2
      openssh-askpass-6.2p2-0.33.2
      openssh-askpass-gnome-6.2p2-0.33.5

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      openssh-6.2p2-0.33.2
      openssh-askpass-6.2p2-0.33.2
      openssh-askpass-gnome-6.2p2-0.33.5

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      openssh-6.2p2-0.33.2
      openssh-askpass-6.2p2-0.33.2
      openssh-askpass-gnome-6.2p2-0.33.5

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      openssh-askpass-gnome-debuginfo-6.2p2-0.33.5
      openssh-debuginfo-6.2p2-0.33.2
      openssh-debugsource-6.2p2-0.33.2


References:

   https://www.suse.com/security/cve/CVE-2015-8325.html
   https://www.suse.com/security/cve/CVE-2016-1908.html
   https://www.suse.com/security/cve/CVE-2016-3115.html
   https://www.suse.com/security/cve/CVE-2016-6210.html
   https://www.suse.com/security/cve/CVE-2016-6515.html
   https://bugzilla.suse.com/932483
   https://bugzilla.suse.com/948902
   https://bugzilla.suse.com/959096
   https://bugzilla.suse.com/962313
   https://bugzilla.suse.com/962794
   https://bugzilla.suse.com/970632
   https://bugzilla.suse.com/975865
   https://bugzilla.suse.com/981654
   https://bugzilla.suse.com/989363
   https://bugzilla.suse.com/992533



More information about the sle-security-updates mailing list