SUSE-SU-2015:1544-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151544-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1544-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:1544-1
Related
Published
2015-09-09T08:52:05Z
Modified
2015-09-09T08:52:05Z
Summary
Security update for openssh
Details

openssh was updated to fix several security issues.

These security issues were fixed: * CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITORREQPAMINITCTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITORREQPWNAM request, related to monitor.c and monitorwrap.c. (bsc#943010) * CVE-2015-6564: Use-after-free vulnerability in the mmanswerpamfreectx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITORREQPAMFREE_CTX request. (bsc#943006)

Also use %restartonupdate in the trigger script.

References

Affected packages

SUSE:Linux Enterprise Desktop 12 / openssh

Package

Name
openssh
Purl
purl:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 / openssh-askpass-gnome

Package

Name
openssh-askpass-gnome
Purl
purl:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / openssh

Package

Name
openssh
Purl
purl:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-fips": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / openssh-askpass-gnome

Package

Name
openssh-askpass-gnome
Purl
purl:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-fips": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / openssh

Package

Name
openssh
Purl
purl:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-fips": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / openssh-askpass-gnome

Package

Name
openssh-askpass-gnome
Purl
purl:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6p1-29.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass-gnome": "6.6p1-29.1",
            "openssh-fips": "6.6p1-29.1",
            "openssh-helpers": "6.6p1-29.1",
            "openssh": "6.6p1-29.1"
        }
    ]
}