SUSE-SU-2015:1840-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151840-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1840-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:1840-1
Related
Published
2015-10-19T16:07:14Z
Modified
2015-10-19T16:07:14Z
Summary
Security update for openssh
Details

openssh was updated to fix four security issues.

These security issues were fixed: - CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). - CVE-2015-5600: The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). - CVE-2015-4000: Removed and disabled weak DH groups (bsc#932483). - Hardening patch to fix sftp RCE (bsc#903649).

These non-security issues were fixed: - bsc#914309: sshd inherits oomadj -17 on SIGHUP causing DoS potential for oomkiller. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user.

References

Affected packages

SUSE:Linux Enterprise Server 11 SP2-LTSS / openssh

Package

Name
openssh
Purl
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1p1-41.69.1

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "5.1p1-41.69.1",
            "openssh-askpass-gnome": "5.1p1-41.69.4",
            "openssh": "5.1p1-41.69.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP2-LTSS / openssh-askpass-gnome

Package

Name
openssh-askpass-gnome
Purl
pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1p1-41.69.4

Ecosystem specific

{
    "binaries": [
        {
            "openssh-askpass": "5.1p1-41.69.1",
            "openssh-askpass-gnome": "5.1p1-41.69.4",
            "openssh": "5.1p1-41.69.1"
        }
    ]
}