[SUSE-SU-2015:1695-1] Security update for openssh
Security update for openssh
OpenSSH was updated to fix several security issues and bugs.
Please note that due to a bug in the previous shipped openssh version, sshd might
not correctly restart. Please verify that the ssh daemon is running after installing
this update.
These security issues were fixed:
CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode
is not used, lacked a check of the refusal deadline for X connections,
which made it easier for remote attackers to bypass intended access
restrictions via a connection outside of the permitted time window.
(bsc#936695)CVE-2015-5600: The kbdint_next_device function in auth2-chall.c
in sshd did not properly restrict the processing of keyboard-interactive
devices within a single connection, which made it easier for remote
attackers to conduct brute-force attacks or cause a denial of service
(CPU consumption) via a long and duplicative list in the ssh
-oKbdInteractiveDevices option, as demonstrated by a modified client
that provides a different password for each pam element on this list.
(bsc#938746)CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM.
(bsc#932483)Hardening patch to fix sftp RCE. (bsc#903649)
CVE-2015-6563: The monitor component in sshd accepted extraneous username
data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to
conduct impersonation attacks by leveraging any SSH login access in
conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM
request, related to monitor.c and monitor_wrap.c.CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx
function in monitor.c in sshd might have allowed local users to gain
privileges by leveraging control of the sshd uid to send an unexpectedly
early MONITOR_REQ_PAM_FREE_CTX request.
Additional a bug was fixed that could lead to openssh not working in
chroot (bsc#947458).
- ID
- SUSE-SU-2015:1695-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2015/suse-su-20151695-1/
- Published
-
2015-10-05T16:22:28
(9 years ago) - Modified
-
2015-10-05T16:22:28
(9 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2015-550
-
ALAS-2015-568
-
ALAS-2015-569
-
ALAS-2015-570
-
ALAS-2015-571
-
ALAS-2015-586
-
ALAS-2015-592
-
ALAS-2015-625
-
DSA-3287-1
-
DSA-3300-1
-
DSA-3316-1
-
DSA-3324-1
-
DSA-3339-1
-
DSA-3688-1
-
ELSA-2015-1072
-
ELSA-2015-1185
-
ELSA-2015-1197
-
ELSA-2015-1228
-
ELSA-2015-1229
-
ELSA-2015-1230
-
ELSA-2015-1526
-
ELSA-2015-2088
-
ELSA-2016-0466
-
ELSA-2016-0741
-
ELSA-2016-3531
-
FEDORA-2015-10047
-
FEDORA-2015-10108
-
FEDORA-2015-11063
-
FEDORA-2015-11067
-
FEDORA-2015-11414
-
FEDORA-2015-11475
-
FEDORA-2015-11981
-
FEDORA-2015-12054
-
FEDORA-2015-12177
-
FEDORA-2015-13469
-
FEDORA-2015-13520
-
FEDORA-2015-9048
-
FEDORA-2015-9130
-
FEDORA-2015-9161
-
FREEBSD:2920C449-4850-11E5-825F-C80AA9043978
-
FREEBSD:44D9DAEE-940C-4179-86BB-6E3FFD617869
-
FREEBSD:5B74A5BC-348F-11E5-BA05-C80AA9043978
-
FREEBSD:8305E215-1080-11E5-8BA2-000C2980A9F3
-
GLSA-201506-02
-
GLSA-201512-04
-
GLSA-201512-10
-
GLSA-201603-11
-
GLSA-201605-06
-
GLSA-201701-46
-
RHSA-2015:1072
-
RHSA-2015:1185
-
RHSA-2015:1228
-
RHSA-2015:1229
-
RHSA-2015:1485
-
RHSA-2015:1486
-
RHSA-2015:1526
-
RHSA-2015:1544
-
RHSA-2015:2088
-
RHSA-2016:0466
-
RHSA-2016:0741
-
SUSE-SU-2015:0182-2
-
SUSE-SU-2015:0543-1
-
SUSE-SU-2015:0545-1
-
SUSE-SU-2015:0545-2
-
SUSE-SU-2015:0546-1
-
SUSE-SU-2015:0547-1
-
SUSE-SU-2015:0578-1
-
SUSE-SU-2015:0620-1
-
SUSE-SU-2015:0946-1
-
SUSE-SU-2015:1143-1
-
SUSE-SU-2015:1150-1
-
SUSE-SU-2015:1177-1
-
SUSE-SU-2015:1177-2
-
SUSE-SU-2015:1182-1
-
SUSE-SU-2015:1182-2
-
SUSE-SU-2015:1183-1
-
SUSE-SU-2015:1183-2
-
SUSE-SU-2015:1184-1
-
SUSE-SU-2015:1184-2
-
SUSE-SU-2015:1185-1
-
SUSE-SU-2015:1268-1
-
SUSE-SU-2015:1268-2
-
SUSE-SU-2015:1269-1
-
SUSE-SU-2015:1319-1
-
SUSE-SU-2015:1320-1
-
SUSE-SU-2015:1329-1
-
SUSE-SU-2015:1331-1
-
SUSE-SU-2015:1345-1
-
SUSE-SU-2015:1375-1
-
SUSE-SU-2015:1449-1
-
SUSE-SU-2015:1482-1
-
SUSE-SU-2015:1509-1
-
SUSE-SU-2015:1526-1
-
SUSE-SU-2015:1544-1
-
SUSE-SU-2015:1581-1
-
SUSE-SU-2015:1663-1
-
SUSE-SU-2015:1840-1
-
SUSE-SU-2015:1851-1
-
SUSE-SU-2016:0224-1
-
SUSE-SU-2016:0262-1
-
SUSE-SU-2016:0344-1
-
SUSE-SU-2016:1618-1
-
SUSE-SU-2016:2209-1
-
SUSE-SU-2016:2385-1
-
SUSE-SU-2018:1768-1
-
SUSE-SU-2023:0586-1
-
SUSE-SU-2023:4506-1
-
SUSE-SU-2023:4507-1
-
USN-2656-1
-
USN-2656-2
-
USN-2673-1
-
USN-2696-1
-
USN-2706-1
-
USN-2710-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/openssh?arch=x86_64&distro=sles-11&sp=4 | suse |
 openssh
|
< 6.6p1-13.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/openssh?arch=x86_64&distro=sled-11&sp=4 | suse |
openssh
|
< 6.6p1-13.1 | sled-11 | x86_64 | |
| Affected | pkg:rpm/suse/openssh?arch=s390x&distro=sles-11&sp=4 | suse |
openssh
|
< 6.6p1-13.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/openssh?arch=ppc64&distro=sles-11&sp=4 | suse |
openssh
|
< 6.6p1-13.1 | sles-11 | ppc64 | |
| Affected | pkg:rpm/suse/openssh?arch=ia64&distro=sles-11&sp=4 | suse |
openssh
|
< 6.6p1-13.1 | sles-11 | ia64 | |
| Affected | pkg:rpm/suse/openssh?arch=i586&distro=sles-11&sp=4 | suse |
openssh
|
< 6.6p1-13.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/openssh?arch=i586&distro=sled-11&sp=4 | suse |
openssh
|
< 6.6p1-13.1 | sled-11 | i586 | |
| Affected | pkg:rpm/suse/openssh-helpers?arch=x86_64&distro=sles-11&sp=4 | suse |
openssh-helpers
|
< 6.6p1-13.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/openssh-helpers?arch=x86_64&distro=sled-11&sp=4 | suse |
openssh-helpers
|
< 6.6p1-13.1 | sled-11 | x86_64 | |
| Affected | pkg:rpm/suse/openssh-helpers?arch=s390x&distro=sles-11&sp=4 | suse |
openssh-helpers
|
< 6.6p1-13.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/openssh-helpers?arch=ppc64&distro=sles-11&sp=4 | suse |
openssh-helpers
|
< 6.6p1-13.1 | sles-11 | ppc64 | |
| Affected | pkg:rpm/suse/openssh-helpers?arch=ia64&distro=sles-11&sp=4 | suse |
openssh-helpers
|
< 6.6p1-13.1 | sles-11 | ia64 | |
| Affected | pkg:rpm/suse/openssh-helpers?arch=i586&distro=sles-11&sp=4 | suse |
openssh-helpers
|
< 6.6p1-13.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/openssh-helpers?arch=i586&distro=sled-11&sp=4 | suse |
openssh-helpers
|
< 6.6p1-13.1 | sled-11 | i586 | |
| Affected | pkg:rpm/suse/openssh-fips?arch=x86_64&distro=sles-11&sp=4 | suse |
openssh-fips
|
< 6.6p1-13.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/openssh-fips?arch=s390x&distro=sles-11&sp=4 | suse |
openssh-fips
|
< 6.6p1-13.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/openssh-fips?arch=ppc64&distro=sles-11&sp=4 | suse |
openssh-fips
|
< 6.6p1-13.1 | sles-11 | ppc64 | |
| Affected | pkg:rpm/suse/openssh-fips?arch=ia64&distro=sles-11&sp=4 | suse |
openssh-fips
|
< 6.6p1-13.1 | sles-11 | ia64 | |
| Affected | pkg:rpm/suse/openssh-fips?arch=i586&distro=sles-11&sp=4 | suse |
openssh-fips
|
< 6.6p1-13.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=x86_64&distro=sles-11&sp=4 | suse |
openssh-askpass-gnome
|
< 6.6p1-13.3 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=x86_64&distro=sled-11&sp=4 | suse |
openssh-askpass-gnome
|
< 6.6p1-13.3 | sled-11 | x86_64 | |
| Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=s390x&distro=sles-11&sp=4 | suse |
openssh-askpass-gnome
|
< 6.6p1-13.3 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=ppc64&distro=sles-11&sp=4 | suse |
openssh-askpass-gnome
|
< 6.6p1-13.3 | sles-11 | ppc64 | |
| Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=ia64&distro=sles-11&sp=4 | suse |
openssh-askpass-gnome
|
< 6.6p1-13.3 | sles-11 | ia64 | |
| Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=i586&distro=sles-11&sp=4 | suse |
openssh-askpass-gnome
|
< 6.6p1-13.3 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=i586&distro=sled-11&sp=4 | suse |
openssh-askpass-gnome
|
< 6.6p1-13.3 | sled-11 | i586 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |