SUSE-SU-2017:0715-1: moderate: Security update for jsch

sle-updates at sle-updates at
Fri Mar 17 05:08:54 MDT 2017

   SUSE Security Update: Security update for jsch

Announcement ID:    SUSE-SU-2017:0715-1
Rating:             moderate
References:         #997542 
Cross-References:   CVE-2016-5725
Affected Products:
                    SUSE Manager Server 3.0

   An update that fixes one vulnerability is now available.


   This update for jsch to version 0.1.54 fixes the following issues:

   Security issues fixed:
   - CVE-2016-5725: recursive sftp get client-side windows path traversal

   - sftp-put may send the garbage data in some rare case.
   - fixed a deadlock bug in KnownHosts#getHostKey().
   - SftpProgressMonitor#init() was not invoked in sftp-put by using the
   - KnownHosts#setKnownHosts() should accept the non-existing file.
   - excluding the user interaction time from the timeout value.
   - addressing SFTP slow file transfer speed with Titan FTP.
   - updating copyright messages; 2015 -> 2016

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-391=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Server 3.0 (noarch):



More information about the sle-updates mailing list