SUSE-SU-2017:0715-1: moderate: Security update for jsch
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Mar 17 05:08:54 MDT 2017
SUSE Security Update: Security update for jsch
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0715-1
Rating: moderate
References: #997542
Cross-References: CVE-2016-5725
Affected Products:
SUSE Manager Server 3.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jsch to version 0.1.54 fixes the following issues:
Security issues fixed:
- CVE-2016-5725: recursive sftp get client-side windows path traversal
(bsc#997542).
Bugfixes:
- sftp-put may send the garbage data in some rare case.
- fixed a deadlock bug in KnownHosts#getHostKey().
- SftpProgressMonitor#init() was not invoked in sftp-put by using the
output-stream.
- KnownHosts#setKnownHosts() should accept the non-existing file.
- excluding the user interaction time from the timeout value.
- addressing SFTP slow file transfer speed with Titan FTP.
- updating copyright messages; 2015 -> 2016
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Server 3.0:
zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-391=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Server 3.0 (noarch):
jsch-0.1.54-3.1
References:
https://www.suse.com/security/cve/CVE-2016-5725.html
https://bugzilla.suse.com/997542
More information about the sle-security-updates
mailing list