SUSE-SU-2016:2388-1: moderate: Security update for openssh
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Sep 26 13:09:33 MDT 2016
SUSE Security Update: Security update for openssh
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2388-1
Rating: moderate
References: #932483 #948902 #959096 #962313 #962794 #970632
#975865 #981654 #989363 #992533
Cross-References: CVE-2015-8325 CVE-2016-1908 CVE-2016-3115
CVE-2016-6210 CVE-2016-6515
Affected Products:
SUSE OpenStack Cloud 5
SUSE Manager Proxy 2.1
SUSE Manager 2.1
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 5 fixes is
now available.
Description:
This update for OpenSSH fixes the following issues:
- Prevent user enumeration through the timing of password processing.
(bsc#989363, CVE-2016-6210)
- Allow lowering the DH groups parameter limit in server as well as when
GSSAPI key exchange is used. (bsc#948902)
- Sanitize input for xauth(1). (bsc#970632, CVE-2016-3115)
- Prevent X11 SECURITY circumvention when forwarding X11 connections.
(bsc#962313, CVE-2016-1908)
- Disable DH parameters under 2048 bits by default and allow lowering the
limit back to the RFC 4419 specified minimum through an option.
(bsc#932483, bsc#948902)
- Ignore PAM environment when using login. (bsc#975865, CVE-2015-8325)
- Limit the accepted password length (prevents a possible denial of
service). (bsc#992533, CVE-2016-6515)
- Relax version requires for the openssh-askpass sub-package. (bsc#962794)
- Avoid complaining about unset DISPLAY variable. (bsc#981654)
- Initialize message id to prevent connection breakups in some cases.
(bsc#959096)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 5:
zypper in -t patch sleclo50sp3-openssh-12759=1
- SUSE Manager Proxy 2.1:
zypper in -t patch slemap21-openssh-12759=1
- SUSE Manager 2.1:
zypper in -t patch sleman21-openssh-12759=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-openssh-12759=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-openssh-12759=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-openssh-12759=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 5 (x86_64):
openssh-6.2p2-0.33.2
openssh-askpass-6.2p2-0.33.2
openssh-askpass-gnome-6.2p2-0.33.5
- SUSE Manager Proxy 2.1 (x86_64):
openssh-6.2p2-0.33.2
openssh-askpass-6.2p2-0.33.2
openssh-askpass-gnome-6.2p2-0.33.5
- SUSE Manager 2.1 (s390x x86_64):
openssh-6.2p2-0.33.2
openssh-askpass-6.2p2-0.33.2
openssh-askpass-gnome-6.2p2-0.33.5
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
openssh-6.2p2-0.33.2
openssh-askpass-6.2p2-0.33.2
openssh-askpass-gnome-6.2p2-0.33.5
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
openssh-6.2p2-0.33.2
openssh-askpass-6.2p2-0.33.2
openssh-askpass-gnome-6.2p2-0.33.5
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
openssh-askpass-gnome-debuginfo-6.2p2-0.33.5
openssh-debuginfo-6.2p2-0.33.2
openssh-debugsource-6.2p2-0.33.2
References:
https://www.suse.com/security/cve/CVE-2015-8325.html
https://www.suse.com/security/cve/CVE-2016-1908.html
https://www.suse.com/security/cve/CVE-2016-3115.html
https://www.suse.com/security/cve/CVE-2016-6210.html
https://www.suse.com/security/cve/CVE-2016-6515.html
https://bugzilla.suse.com/932483
https://bugzilla.suse.com/948902
https://bugzilla.suse.com/959096
https://bugzilla.suse.com/962313
https://bugzilla.suse.com/962794
https://bugzilla.suse.com/970632
https://bugzilla.suse.com/975865
https://bugzilla.suse.com/981654
https://bugzilla.suse.com/989363
https://bugzilla.suse.com/992533
More information about the sle-security-updates
mailing list