Explore top 10 tips to secure your open-source projects now. Read More
×
This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability. (bsc#1106163) - CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726) - CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957)
#1016370 #1065000 #1076957 #1105010 #1105180
#1106163 #1106726
Cross- CVE-2016-10012 CVE-2016-10708 CVE-2017-15906
CVE-2018-15473 CVE-2018-15919
Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
https://www.suse.com/security/cve/CVE-2016-10012.html
https://www.suse.com/security/cve/CVE-2016-10708.html
https://www.suse.com/security/cve/CVE-2017-15906.html
https://www.suse.com/security/cve/CVE-2018-15473.html
https://www.suse.com/security/cve/CVE-2018-15919.html
https://bugzilla.suse.com/1016370
https://bugzilla.suse.com/1065000
https://bugzilla.suse.com/1076957
https://bugzilla.suse.com/1105010
https://bugzilla.suse.com/1105180
Get the latest Linux and open source security news straight to your inbox.