SUSE-SU-2015:1544-1: moderate: Security update for openssh
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Sep 11 07:09:43 MDT 2015
SUSE Security Update: Security update for openssh
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:1544-1
Rating: moderate
References: #903649 #932483 #936695 #938746 #943006 #943010
Cross-References: CVE-2015-4000 CVE-2015-5352 CVE-2015-5600
CVE-2015-6563 CVE-2015-6564
Affected Products:
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
openssh was updated to fix several security issues.
These security issues were fixed:
* CVE-2015-5352: The x11_open_helper function in channels.c in ssh in
OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the
refusal deadline for X connections, which made it easier for remote
attackers to bypass intended access restrictions via a connection outside
of the permitted time window (bsc#936695).
* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd
in OpenSSH did not properly restrict the processing of
keyboard-interactive devices within a single connection, which made it
easier for remote attackers to conduct brute-force attacks or cause a
denial of service (CPU consumption) via a long and duplicative list in
the ssh -oKbdInteractiveDevices option, as demonstrated by a modified
client that provides a different password for each pam element on this
list (bsc#938746).
* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM
(bsc#932483).
* Hardening patch to fix sftp RCE (bsc#903649).
* CVE-2015-6563: The monitor component in sshd in OpenSSH accepted
extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which
allowed local users to conduct impersonation attacks by leveraging any
SSH login access in conjunction with control of the sshd uid to send a
crafted MONITOR_REQ_PWNAM request, related to monitor.c and
monitor_wrap.c. (bsc#943010)
* CVE-2015-6564: Use-after-free vulnerability in the
mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might
have allowed local users to gain privileges by leveraging control of the
sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
(bsc#943006)
Also use %restart_on_update in the trigger script.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-526=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-526=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
openssh-6.6p1-29.1
openssh-askpass-gnome-6.6p1-29.1
openssh-askpass-gnome-debuginfo-6.6p1-29.1
openssh-debuginfo-6.6p1-29.1
openssh-debugsource-6.6p1-29.1
openssh-fips-6.6p1-29.1
openssh-helpers-6.6p1-29.1
openssh-helpers-debuginfo-6.6p1-29.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
openssh-6.6p1-29.1
openssh-askpass-gnome-6.6p1-29.1
openssh-askpass-gnome-debuginfo-6.6p1-29.1
openssh-debuginfo-6.6p1-29.1
openssh-debugsource-6.6p1-29.1
openssh-helpers-6.6p1-29.1
openssh-helpers-debuginfo-6.6p1-29.1
References:
https://www.suse.com/security/cve/CVE-2015-4000.html
https://www.suse.com/security/cve/CVE-2015-5352.html
https://www.suse.com/security/cve/CVE-2015-5600.html
https://www.suse.com/security/cve/CVE-2015-6563.html
https://www.suse.com/security/cve/CVE-2015-6564.html
https://bugzilla.suse.com/903649
https://bugzilla.suse.com/932483
https://bugzilla.suse.com/936695
https://bugzilla.suse.com/938746
https://bugzilla.suse.com/943006
https://bugzilla.suse.com/943010
More information about the sle-security-updates
mailing list