SUSE-SU-2015:1581-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151581-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1581-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:1581-1
Related
Published
2015-09-17T12:53:08Z
Modified
2015-09-17T12:53:08Z
Summary
Security update for openssh
Details

openssh was updated to fix several security issues and bugs.

These security issues were fixed: * CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITORREQPAMINITCTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITORREQPWNAM request, related to monitor.c and monitorwrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mmanswerpamfreectx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITORREQPAMFREE_CTX request.

These non-security issues were fixed: - bsc#914309: sshd inherits oomadj -17 on SIGHUP causing DoS potential for oomkiller. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user. - bsc#916549: Fixed support for aesXXX-gcm@openssh.com.

References

Affected packages

SUSE:Linux Enterprise Desktop 11 SP3 / openssh

Package

Name
openssh
Purl
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2p2-0.21.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "6.2p2-0.21.1",
            "openssh-askpass-gnome": "6.2p2-0.21.3",
            "openssh": "6.2p2-0.21.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 11 SP3 / openssh-askpass-gnome

Package

Name
openssh-askpass-gnome
Purl
pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2p2-0.21.3

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "6.2p2-0.21.1",
            "openssh-askpass-gnome": "6.2p2-0.21.3",
            "openssh": "6.2p2-0.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3 / openssh

Package

Name
openssh
Purl
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2p2-0.21.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "6.2p2-0.21.1",
            "openssh-askpass-gnome": "6.2p2-0.21.3",
            "openssh": "6.2p2-0.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3 / openssh-askpass-gnome

Package

Name
openssh-askpass-gnome
Purl
pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2p2-0.21.3

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "6.2p2-0.21.1",
            "openssh-askpass-gnome": "6.2p2-0.21.3",
            "openssh": "6.2p2-0.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / openssh

Package

Name
openssh
Purl
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2p2-0.21.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "6.2p2-0.21.1",
            "openssh-askpass-gnome": "6.2p2-0.21.3",
            "openssh": "6.2p2-0.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / openssh-askpass-gnome

Package

Name
openssh-askpass-gnome
Purl
pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2p2-0.21.3

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "6.2p2-0.21.1",
            "openssh-askpass-gnome": "6.2p2-0.21.3",
            "openssh": "6.2p2-0.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP3 / openssh

Package

Name
openssh
Purl
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2p2-0.21.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "6.2p2-0.21.1",
            "openssh-askpass-gnome": "6.2p2-0.21.3",
            "openssh": "6.2p2-0.21.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP3 / openssh-askpass-gnome

Package

Name
openssh-askpass-gnome
Purl
pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2p2-0.21.3

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "6.2p2-0.21.1",
            "openssh-askpass-gnome": "6.2p2-0.21.3",
            "openssh": "6.2p2-0.21.1"
        }
    ]
}