SUSE-SU-2018:2275-1
Vulnerability Summary
Timeline
Description
Security update for openssh This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away (bsc#1016370). - CVE-2016-10708: Fix remote denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage (bsc#1076957). - CVE-2017-15906: Fix r/o sftp-server zero byte file creation (bsc#1065000). - CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483 (bsc#1069509). Bug fixes: - bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099) - bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated (bsc#1053972) - bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4 (bsc#1023275)
Affected Systems
- suse•openssh-askpass-gnome&distro=SUSE Linux Enterprise Server 11 SP4
< 6.6p1-36.3.1
- suse•openssh-askpass-gnome&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 6.6p1-36.3.1
- suse•openssh&distro=SUSE Linux Enterprise Server 11 SP4
< 6.6p1-36.3.1
- suse•openssh&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 6.6p1-36.3.1
References (12)
- https://www.suse.com/support/update/announcement/2018/suse-su-20182275-1/
- https://bugzilla.suse.com/1016370
- https://bugzilla.suse.com/1017099
- https://bugzilla.suse.com/1023275
- https://bugzilla.suse.com/1053972
- https://bugzilla.suse.com/1065000
- https://bugzilla.suse.com/1069509
- https://bugzilla.suse.com/1076957
- https://www.suse.com/security/cve/CVE-2008-1483
- https://www.suse.com/security/cve/CVE-2016-10012
- https://www.suse.com/security/cve/CVE-2016-10708
- https://www.suse.com/security/cve/CVE-2017-15906