openssh was updated to fix several security issues and bugs.
These security issues were fixed:

* CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH, when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).
* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).
* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).
* Hardening patch to fix sftp RCE (bsc#903649).
* CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
* CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

These non-security issues were fixed:

- bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer.
- bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user.
- bsc#916549: Fixed support for aesXXX-gcm@openssh.com.