What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2275-1
Rating:             moderate
References:         #1016370 #1017099 #1023275 #1053972 #1065000 
                    #1069509 #1076957 
Cross-References:   CVE-2008-1483 CVE-2016-10012 CVE-2016-10708
                    CVE-2017-15906
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves four vulnerabilities and has three
   fixes is now available.

Description:

   This update for openssh fixes the following issues:

   Security issues fixed:

   - CVE-2016-10012: Fix pre-auth compression checks that could be optimized
     away (bsc#1016370).
   - CVE-2016-10708: Fix remote denial of service (NULL pointer dereference
     and daemon crash) via an out-of-sequence NEWKEYSmessage (bsc#1076957).
   - CVE-2017-15906: Fix r/o sftp-server zero byte file creation
     (bsc#1065000).
   - CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483
     (bsc#1069509).

   Bug fixes:

   - bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099)
   - bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is
     duplicated (bsc#1053972)
   - bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4
     (bsc#1023275)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-openssh-13719=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-openssh-13719=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      openssh-6.6p1-36.3.1
      openssh-askpass-gnome-6.6p1-36.3.1
      openssh-fips-6.6p1-36.3.1
      openssh-helpers-6.6p1-36.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      openssh-askpass-gnome-debuginfo-6.6p1-36.3.1
      openssh-debuginfo-6.6p1-36.3.1
      openssh-debugsource-6.6p1-36.3.1


References:

   https://www.suse.com/security/cve/CVE-2008-1483.html
   https://www.suse.com/security/cve/CVE-2016-10012.html
   https://www.suse.com/security/cve/CVE-2016-10708.html
   https://www.suse.com/security/cve/CVE-2017-15906.html
   https://bugzilla.suse.com/1016370
   https://bugzilla.suse.com/1017099
   https://bugzilla.suse.com/1023275
   https://bugzilla.suse.com/1053972
   https://bugzilla.suse.com/1065000
   https://bugzilla.suse.com/1069509
   https://bugzilla.suse.com/1076957

SUSE: 2018:2275-1 moderate: openssh

August 9, 2018
An update that solves four vulnerabilities and has three fixes is now available

Summary

This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away (bsc#1016370). - CVE-2016-10708: Fix remote denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage (bsc#1076957). - CVE-2017-15906: Fix r/o sftp-server zero byte file creation (bsc#1065000). - CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483 (bsc#1069509). Bug fixes: - bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099) - bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated (bsc#1053972) - bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4 (bsc#1023275) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssh-13719=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-13719=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-6.6p1-36.3.1 openssh-askpass-gnome-6.6p1-36.3.1 openssh-fips-6.6p1-36.3.1 openssh-helpers-6.6p1-36.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-36.3.1 openssh-debuginfo-6.6p1-36.3.1 openssh-debugsource-6.6p1-36.3.1

References

#1016370 #1017099 #1023275 #1053972 #1065000

#1069509 #1076957

Cross- CVE-2008-1483 CVE-2016-10012 CVE-2016-10708

CVE-2017-15906

Affected Products:

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2008-1483.html

https://www.suse.com/security/cve/CVE-2016-10012.html

https://www.suse.com/security/cve/CVE-2016-10708.html

https://www.suse.com/security/cve/CVE-2017-15906.html

https://bugzilla.suse.com/1016370

https://bugzilla.suse.com/1017099

https://bugzilla.suse.com/1023275

https://bugzilla.suse.com/1053972

https://bugzilla.suse.com/1065000

https://bugzilla.suse.com/1069509

https://bugzilla.suse.com/1076957

Severity
Announcement ID: SUSE-SU-2018:2275-1
Rating: moderate

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo