openSUSE: 2024:2393-1 Moderate: OpenSSH Timing Attack Issues
suse
July 10, 2024
* bsc#1218215 * bsc#1224392 * bsc#1225904 * bsc#1227318 * bsc#1227350
Summary
##
This update for openssh fixes the following issues:
Security fixes:
* CVE-2024-39894: Fixed timing attacks against echo-off password entry
(bsc#1227318).
Other fixes: \- Add obsoletes for openssh-server-config-rootlogin (bsc#1227350).
\- Add #include
Topics Covered
References
* bsc#1218215
* bsc#1224392
* bsc#1225904
* bsc#1227318
* bsc#1227350
Cross-
* CVE-2023-51385
* CVE-2024-39894
CVSS scores:
* CVE-2023-51385 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-51385 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-39894 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities and has three security fixes can now
be installed.
##
* https://www.suse.com/security/cve/CVE-2023-51385.html
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2024:2393-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!