SUSE-RU-2015:0204-1: moderate: Recommended update for openssh

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Feb 3 10:04:50 MST 2015 

   SUSE Recommended Update: Recommended update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0204-1
Rating:             moderate
References:         #855676 #856316 #912436 
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has three recommended fixes can now be
   installed.

Description:


   This update adjusts various parts of openssh (paramaters and available
   cipher lists) in regards to FIPS certification.

   Adjustments done:
   - Some Key exchange modifications were done for FIPS, removing algorithms
     no longer allowed in FIPS mode.

   - Only use Diffie Hellmann groups with 2048 bits or more in FIPS mode.

   - Allow "stat" call in seccomp sandbox due to reseeding changes in openssl.


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-51

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-51

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      openssh-6.6p1-14.1
      openssh-askpass-gnome-6.6p1-14.1
      openssh-askpass-gnome-debuginfo-6.6p1-14.1
      openssh-debuginfo-6.6p1-14.1
      openssh-debugsource-6.6p1-14.1
      openssh-fips-6.6p1-14.1
      openssh-helpers-6.6p1-14.1
      openssh-helpers-debuginfo-6.6p1-14.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      openssh-6.6p1-14.1
      openssh-askpass-gnome-6.6p1-14.1
      openssh-askpass-gnome-debuginfo-6.6p1-14.1
      openssh-debuginfo-6.6p1-14.1
      openssh-debugsource-6.6p1-14.1
      openssh-helpers-6.6p1-14.1
      openssh-helpers-debuginfo-6.6p1-14.1


References:

   https://bugzilla.suse.com/show_bug.cgi?id=855676
   https://bugzilla.suse.com/show_bug.cgi?id=856316
   https://bugzilla.suse.com/show_bug.cgi?id=912436

More information about the sle-updates mailing list