SUSE-SU-2024:2393-1
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 10 Jul 2024, 15:33
Last modified:04 Feb 2026, 03:40
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
10 Jul 2024, 15:33
Published
Vulnerability first disclosed
04 Feb 2026, 03:40
Last Modified
Vulnerability information updated
Description
Security update for openssh This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318). Other fixes: - Add obsoletes for openssh-server-config-rootlogin (bsc#1227350). - Add #include <stdlib.h> in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Remove the recommendation for openssh-server-config-rootlogin from openssh-server (bsc#1224392).
Affected Systems
- opensuse•openssh-askpass-gnome&distro=openSUSE Leap 15.6
< 9.6p1-150600.6.6.1
- opensuse•openssh&distro=openSUSE Leap 15.6
< 9.6p1-150600.6.6.1
- suse•openssh-askpass-gnome&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP6
< 9.6p1-150600.6.6.1
- suse•openssh&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6
< 9.6p1-150600.6.6.1
References (8)
- https://www.suse.com/support/update/announcement/2024/suse-su-20242393-1/
- https://bugzilla.suse.com/1218215
- https://bugzilla.suse.com/1224392
- https://bugzilla.suse.com/1225904
- https://bugzilla.suse.com/1227318
- https://bugzilla.suse.com/1227350
- https://www.suse.com/security/cve/CVE-2023-51385
- https://www.suse.com/security/cve/CVE-2024-39894