Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
patchinfo.5092
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.5092
<patchinfo incident="5092"> <issue id="1023275" tracker="bnc">openssh, sftp: messages suppressed after upgrade from SLES 11 SP3 to SP4</issue> <issue id="1017099" tracker="bnc">SSH Match conditions with uppercase hostnames fail</issue> <issue id="1048367" tracker="bnc">sshd.service fails to signal startup failure</issue> <issue id="1053972" tracker="bnc">sshd supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated</issue> <issue id="1065000" tracker="bnc">VUL-1: CVE-2017-15906: openssh: r/o sftp-server zero byte file creation</issue> <issue id="1016370" tracker="bnc">VUL-1: CVE-2016-10012: openssh: pre-auth compression checks could be optimized away</issue> <issue id="1069509" tracker="bnc">OpenSSH - accidental re-introduction of CVE-2008-1483</issue> <issue id="1076957" tracker="bnc">VUL-0: CVE-2016-10708: openssh: sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service(NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage, as demonstrated by Honggfuzz, related to kex</issue> <issue id="1092582" tracker="bnc">[Build 20180509-1] openQA test fails in sshd</issue> <issue id="2016-10708" tracker="cve" /> <issue id="2017-15906" tracker="cve" /> <issue id="2016-10012" tracker="cve" /> <issue id="2008-1483" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>pcerny</packager> <description>This update for openssh provides the following fixes: Security issues fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000). - CVE-2016-10012: Remove pre-auth compression support from the server to prevent possible cryptographic attacks (bsc#1016370). - CVE-2008-1483: Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509). - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Bug fixes: - bsc#1017099: Enable case-insensitive hostname matching. - bsc#1023275: Add a new switch for printing diagnostic messages in sftp client's batch mode. - bsc#1048367: systemd integration to work around various race conditions. - bsc#1053972: Remove duplicate KEX method. - bsc#1092582: Add missing piece of systemd integration. - Remove the limit on the amount of tasks sshd can run. </description> <summary>Security update for openssh</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor