[SUSE-SU-2015:1695-1] Security update for openssh
OpenSSH was updated to fix several security issues and bugs.
Please note that due to a bug in the previously shipped openssh version, sshd might
not correctly restart. Please verify that the ssh daemon is running after installing
this update.
These security issues were fixed:
- CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode
  is not used, lacked a check of the refusal deadline for X connections,
  which made it easier for remote attackers to bypass intended access
  restrictions via a connection outside of the permitted time window.
  (bsc#936695)
- CVE-2015-5600: The kbdint_next_device function in auth2-chall.c
  in sshd did not properly restrict the processing of keyboard-interactive
  devices within a single connection, which made it easier for remote
  attackers to conduct brute-force attacks or cause a denial of service
  (CPU consumption) via a long and duplicative list in the ssh
  -oKbdInteractiveDevices option, as demonstrated by a modified client
  that provides a different password for each pam element on this list.
  (bsc#938746)
- CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM.
  (bsc#932483)
- Hardening patch to fix sftp RCE. (bsc#903649)
- CVE-2015-6563: The monitor component in sshd accepted extraneous username
  data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to
  conduct impersonation attacks by leveraging any SSH login access in
  conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM
  request, related to monitor.c and monitor_wrap.c.
- CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx
  function in monitor.c in sshd might have allowed local users to gain
  privileges by leveraging control of the sshd uid to send an unexpectedly
  early MONITOR_REQ_PAM_FREE_CTX request.
Additionally, a bug was fixed that could lead to openssh not working in
chroot (bsc#947458).
- ID: SUSE-SU-2015:1695-1
- Severity: moderate
- URL: https://www.suse.com/support/update/announcement/2015/suse-su-20151695-1/
- Published: 2015-10-05T16:22:28
- Modified: 2015-10-05T16:22:28
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS-2015-550
- ALAS-2015-568
- ALAS-2015-569
- ALAS-2015-570
- ALAS-2015-571
- ALAS-2015-586
- ALAS-2015-592
- ALAS-2015-625
- DSA-3287-1
- DSA-3300-1
- DSA-3316-1
- DSA-3324-1
- DSA-3339-1
- DSA-3688-1
- ELSA-2015-1072
- ELSA-2015-1185
- ELSA-2015-1197
- ELSA-2015-1228
- ELSA-2015-1229
- ELSA-2015-1230
- ELSA-2015-1526
- ELSA-2015-2088
- ELSA-2016-0466
- ELSA-2016-0741
- ELSA-2016-3531
- FEDORA-2015-10047
- FEDORA-2015-10108
- FEDORA-2015-11063
- FEDORA-2015-11067
- FEDORA-2015-11414
- FEDORA-2015-11475
- FEDORA-2015-11981
- FEDORA-2015-12054
- FEDORA-2015-12177
- FEDORA-2015-13469
- FEDORA-2015-13520
- FEDORA-2015-9048
- FEDORA-2015-9130
- FEDORA-2015-9161
- FREEBSD:2920C449-4850-11E5-825F-C80AA9043978
- FREEBSD:44D9DAEE-940C-4179-86BB-6E3FFD617869
- FREEBSD:5B74A5BC-348F-11E5-BA05-C80AA9043978
- FREEBSD:8305E215-1080-11E5-8BA2-000C2980A9F3
- GLSA-201506-02
- GLSA-201512-04
- GLSA-201512-10
- GLSA-201603-11
- GLSA-201605-06
- GLSA-201701-46
- RHSA-2015:1072
- RHSA-2015:1185
- RHSA-2015:1228
- RHSA-2015:1229
- RHSA-2015:1485
- RHSA-2015:1486
- RHSA-2015:1526
- RHSA-2015:1544
- RHSA-2015:2088
- RHSA-2016:0466
- RHSA-2016:0741
- SUSE-SU-2015:0182-2
- SUSE-SU-2015:0543-1
- SUSE-SU-2015:0545-1
- SUSE-SU-2015:0545-2
- SUSE-SU-2015:0546-1
- SUSE-SU-2015:0547-1
- SUSE-SU-2015:0578-1
- SUSE-SU-2015:0620-1
- SUSE-SU-2015:0946-1
- SUSE-SU-2015:1143-1
- SUSE-SU-2015:1150-1
- SUSE-SU-2015:1177-1
- SUSE-SU-2015:1177-2
- SUSE-SU-2015:1182-1
- SUSE-SU-2015:1182-2
- SUSE-SU-2015:1183-1
- SUSE-SU-2015:1183-2
- SUSE-SU-2015:1184-1
- SUSE-SU-2015:1184-2
- SUSE-SU-2015:1185-1
- SUSE-SU-2015:1268-1
- SUSE-SU-2015:1268-2
- SUSE-SU-2015:1269-1
- SUSE-SU-2015:1319-1
- SUSE-SU-2015:1320-1
- SUSE-SU-2015:1329-1
- SUSE-SU-2015:1331-1
- SUSE-SU-2015:1345-1
- SUSE-SU-2015:1375-1
- SUSE-SU-2015:1449-1
- SUSE-SU-2015:1482-1
- SUSE-SU-2015:1509-1
- SUSE-SU-2015:1526-1
- SUSE-SU-2015:1544-1
- SUSE-SU-2015:1581-1
- SUSE-SU-2015:1663-1
- SUSE-SU-2015:1840-1
- SUSE-SU-2015:1851-1
- SUSE-SU-2016:0224-1
- SUSE-SU-2016:0262-1
- SUSE-SU-2016:0344-1
- SUSE-SU-2016:1618-1
- SUSE-SU-2016:2209-1
- SUSE-SU-2016:2385-1
- SUSE-SU-2018:1768-1
- SUSE-SU-2023:0586-1
- SUSE-SU-2023:4506-1
- SUSE-SU-2023:4507-1
- USN-2656-1
- USN-2656-2
- USN-2673-1
- USN-2696-1
- USN-2706-1
- USN-2710-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/openssh?arch=x86_64&distro=sles-11&sp=4 | suse | openssh | < 6.6p1-13.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/openssh?arch=x86_64&distro=sled-11&sp=4 | suse | openssh | < 6.6p1-13.1 | sled-11 | x86_64 | |
Affected | pkg:rpm/suse/openssh?arch=s390x&distro=sles-11&sp=4 | suse | openssh | < 6.6p1-13.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/openssh?arch=ppc64&distro=sles-11&sp=4 | suse | openssh | < 6.6p1-13.1 | sles-11 | ppc64 | |
Affected | pkg:rpm/suse/openssh?arch=ia64&distro=sles-11&sp=4 | suse | openssh | < 6.6p1-13.1 | sles-11 | ia64 | |
Affected | pkg:rpm/suse/openssh?arch=i586&distro=sles-11&sp=4 | suse | openssh | < 6.6p1-13.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/openssh?arch=i586&distro=sled-11&sp=4 | suse | openssh | < 6.6p1-13.1 | sled-11 | i586 | |
Affected | pkg:rpm/suse/openssh-helpers?arch=x86_64&distro=sles-11&sp=4 | suse | openssh-helpers | < 6.6p1-13.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/openssh-helpers?arch=x86_64&distro=sled-11&sp=4 | suse | openssh-helpers | < 6.6p1-13.1 | sled-11 | x86_64 | |
Affected | pkg:rpm/suse/openssh-helpers?arch=s390x&distro=sles-11&sp=4 | suse | openssh-helpers | < 6.6p1-13.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/openssh-helpers?arch=ppc64&distro=sles-11&sp=4 | suse | openssh-helpers | < 6.6p1-13.1 | sles-11 | ppc64 | |
Affected | pkg:rpm/suse/openssh-helpers?arch=ia64&distro=sles-11&sp=4 | suse | openssh-helpers | < 6.6p1-13.1 | sles-11 | ia64 | |
Affected | pkg:rpm/suse/openssh-helpers?arch=i586&distro=sles-11&sp=4 | suse | openssh-helpers | < 6.6p1-13.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/openssh-helpers?arch=i586&distro=sled-11&sp=4 | suse | openssh-helpers | < 6.6p1-13.1 | sled-11 | i586 | |
Affected | pkg:rpm/suse/openssh-fips?arch=x86_64&distro=sles-11&sp=4 | suse | openssh-fips | < 6.6p1-13.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/openssh-fips?arch=s390x&distro=sles-11&sp=4 | suse | openssh-fips | < 6.6p1-13.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/openssh-fips?arch=ppc64&distro=sles-11&sp=4 | suse | openssh-fips | < 6.6p1-13.1 | sles-11 | ppc64 | |
Affected | pkg:rpm/suse/openssh-fips?arch=ia64&distro=sles-11&sp=4 | suse | openssh-fips | < 6.6p1-13.1 | sles-11 | ia64 | |
Affected | pkg:rpm/suse/openssh-fips?arch=i586&distro=sles-11&sp=4 | suse | openssh-fips | < 6.6p1-13.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=x86_64&distro=sles-11&sp=4 | suse | openssh-askpass-gnome | < 6.6p1-13.3 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=x86_64&distro=sled-11&sp=4 | suse | openssh-askpass-gnome | < 6.6p1-13.3 | sled-11 | x86_64 | |
Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=s390x&distro=sles-11&sp=4 | suse | openssh-askpass-gnome | < 6.6p1-13.3 | sles-11 | s390x | |
Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=ppc64&distro=sles-11&sp=4 | suse | openssh-askpass-gnome | < 6.6p1-13.3 | sles-11 | ppc64 | |
Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=ia64&distro=sles-11&sp=4 | suse | openssh-askpass-gnome | < 6.6p1-13.3 | sles-11 | ia64 | |
Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=i586&distro=sles-11&sp=4 | suse | openssh-askpass-gnome | < 6.6p1-13.3 | sles-11 | i586 | |
Affected | pkg:rpm/suse/openssh-askpass-gnome?arch=i586&distro=sled-11&sp=4 | suse | openssh-askpass-gnome | < 6.6p1-13.3 | sled-11 | i586 | |